From ed428bddd2b09e16c20920b54f8e21633270d753 Mon Sep 17 00:00:00 2001 From: Your Name <1153793677@qq.com> Date: Thu, 15 Dec 2022 15:03:52 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E4=BC=98=E5=8C=96nss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- rust/rust_project/src/vtls/nss.rs | 12012 ++++++++++++++-------------- 1 file changed, 5969 insertions(+), 6043 deletions(-) diff --git a/rust/rust_project/src/vtls/nss.rs b/rust/rust_project/src/vtls/nss.rs index 392ca8a..b379241 100644 --- a/rust/rust_project/src/vtls/nss.rs +++ b/rust/rust_project/src/vtls/nss.rs @@ -8,5122 +8,5058 @@ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR * PURPOSE. * See the Mulan PSL v2 for more details. - * Author: wyf, + * Author: wyf, * Create: 2022-10-31 * Description: support nss ******************************************************************************/ - use ::libc; - use rust_ffi::src::ffi_alias::type_alias::*; - use rust_ffi::src::ffi_fun::fun_call::*; - use rust_ffi::src::ffi_struct::struct_define::*; - use crate::src::vtls::vtls::*; - - #[inline] - extern "C" fn stat( - mut __path: *const libc::c_char, - mut __statbuf: *mut stat, - ) -> i32 { - unsafe{ - return __xstat(1 as i32, __path, __statbuf); - } - } - static mut nss_initlock: *mut PRLock = 0 as *const PRLock as *mut PRLock; - static mut nss_crllock: *mut PRLock = 0 as *const PRLock as *mut PRLock; - static mut nss_findslot_lock: *mut PRLock = 0 as *const PRLock as *mut PRLock; - static mut nss_trustload_lock: *mut PRLock = 0 as *const PRLock as *mut PRLock; - static mut nss_crl_list: Curl_llist = Curl_llist { - head: 0 as *const Curl_llist_element as *mut Curl_llist_element, - tail: 0 as *const Curl_llist_element as *mut Curl_llist_element, - dtor: None, - size: 0, - }; - static mut nss_context: *mut NSSInitContext = 0 as *const NSSInitContext as *mut NSSInitContext; - static mut initialized: i32 = 0 as i32; - static mut cipherlist: [cipher_s; 94] = [ - { - let mut init = cipher_s { - name: b"rc4\0" as *const u8 as *const libc::c_char, - num: 0xff01 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rc4-md5\0" as *const u8 as *const libc::c_char, - num: 0xff01 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rc4export\0" as *const u8 as *const libc::c_char, - num: 0xff02 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rc2\0" as *const u8 as *const libc::c_char, - num: 0xff03 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rc2export\0" as *const u8 as *const libc::c_char, - num: 0xff04 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"des\0" as *const u8 as *const libc::c_char, - num: 0xff06 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"desede3\0" as *const u8 as *const libc::c_char, - num: 0xff07 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_rc4_128_md5\0" as *const u8 as *const libc::c_char, - num: 0x4 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x5 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xa as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x9 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_rc4_40_md5\0" as *const u8 as *const libc::c_char, - num: 0x3 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_rc2_40_md5\0" as *const u8 as *const libc::c_char, - num: 0x6 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_null_md5\0" as *const u8 as *const libc::c_char, - num: 0x1 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0x2 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"fips_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xfeff as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"fips_des_sha\0" as *const u8 as *const libc::c_char, - num: 0xfefe as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"fortezza\0" as *const u8 as *const libc::c_char, - num: 0x1d as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"fortezza_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x1e as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"fortezza_null\0" as *const u8 as *const libc::c_char, - num: 0x1c as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0x16 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0x13 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x15 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x12 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_des_56_sha\0" as *const u8 as *const libc::c_char, - num: 0x62 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_rc4_56_sha\0" as *const u8 as *const libc::c_char, - num: 0x64 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x66 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x32 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x38 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x33 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x39 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x2f as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x35 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc001 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc002 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc003 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc004 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc005 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc006 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc007 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc008 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc009 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00a as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00b as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00c as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00d as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00e as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00f as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_null\0" as *const u8 as *const libc::c_char, - num: 0xc010 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc011 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc012 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc013 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc014 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_anon_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc015 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_anon_rc4_128sha\0" as *const u8 as *const libc::c_char, - num: 0xc016 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_anon_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc017 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_anon_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc018 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_anon_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc019 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_null_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3b as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3c as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3d as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x67 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x6b as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc023 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc027 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x9c as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x9e as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xa2 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02b as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02d as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02f as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdh_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc031 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x9d as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x9f as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xa3 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc024 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc028 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc02c as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc030 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xcca8 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"ecdhe_ecdsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xcca9 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xccaa as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x1301 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x1302 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x1303 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_128_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x40 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_aes_256_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x6a as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x45 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x44 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x88 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"dhe_dss_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x87 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x41 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x84 as i32, - }; - init - }, - { - let mut init = cipher_s { - name: b"rsa_seed_sha\0" as *const u8 as *const libc::c_char, - num: 0x96 as i32, - }; - init - }, - ]; - static mut pem_library: *const libc::c_char = b"libnsspem.so\0" as *const u8 as *const libc::c_char; - static mut trust_library: *const libc::c_char = - b"libnssckbi.so\0" as *const u8 as *const libc::c_char; - static mut pem_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; - static mut trust_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; - /* NSPR I/O layer we use to detect blocking direction during SSL handshake */ - static mut nspr_io_identity: PRDescIdentity = -(1 as i32); - static mut nspr_io_methods: PRIOMethods = PRIOMethods { - file_type: 0 as PRDescType, - close: None, - read: None, - write: None, - available: None, - available64: None, - fsync: None, - seek: None, - seek64: None, - fileInfo: None, - fileInfo64: None, - writev: None, - connect: None, - accept: None, - bind: None, - listen: None, - shutdown: None, - recv: None, - send: None, - recvfrom: None, - sendto: None, - poll: None, - acceptread: None, - transmitfile: None, - getsockname: None, - getpeername: None, - reserved_fn_6: None, - reserved_fn_5: None, - getsocketoption: None, - setsocketoption: None, - sendfile: None, - connectcontinue: None, - reserved_fn_3: None, - reserved_fn_2: None, - reserved_fn_1: None, - reserved_fn_0: None, - }; - extern "C" fn nss_error_to_name(mut code: PRErrorCode) -> *const libc::c_char { - unsafe{ - let mut name: *const libc::c_char = PR_ErrorToName(code); - if !name.is_null() { - return name; - } - return b"unknown error\0" as *const u8 as *const libc::c_char; - } - } - extern "C" fn nss_print_error_message(mut data: *mut Curl_easy, mut err: PRUint32) { - unsafe{ - Curl_failf( - data, - b"%s\0" as *const u8 as *const libc::c_char, - PR_ErrorToString(err as PRErrorCode, 0 as i32 as PRLanguageCode), - ); - } - } - extern "C" fn nss_sslver_to_name(mut nssver: PRUint16) -> *mut libc::c_char { - unsafe{ - match nssver as i32 { - 2 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"SSLv2\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"SSLv2\0" as *const u8 as *const libc::c_char, - 285 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - 768 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"SSLv3\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"SSLv3\0" as *const u8 as *const libc::c_char, - 287 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - 769 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.0\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"TLSv1.0\0" as *const u8 as *const libc::c_char, - 289 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - 770 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.1\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"TLSv1.1\0" as *const u8 as *const libc::c_char, - 292 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - 771 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.2\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"TLSv1.2\0" as *const u8 as *const libc::c_char, - 296 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - 772 => { - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.3\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - b"TLSv1.3\0" as *const u8 as *const libc::c_char, - 300 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - _ => { - return curl_maprintf( - b"0x%04x\0" as *const u8 as *const libc::c_char, - nssver as i32, - ); - } - }; - - } - } - extern "C" fn set_ciphers( - mut data: *mut Curl_easy, - mut model: *mut PRFileDesc, - mut cipher_list: *mut libc::c_char, - ) -> SECStatus { - unsafe{ - let mut i: u32 = 0; - let mut cipher_state: [PRBool; 94] = [0; 94]; - let mut found: PRBool = 0; - let mut cipher: *mut libc::c_char = 0 as *mut libc::c_char; - /* use accessors to avoid dynamic linking issues after an update of NSS */ - let num_implemented_ciphers: PRUint16 = SSL_GetNumImplementedCiphers(); - let mut implemented_ciphers: *const PRUint16 = SSL_GetImplementedCiphers(); - if implemented_ciphers.is_null() { - return SECFailure; - } - i = 0 as u32; - /* First disable all ciphers. This uses a different max value in case - * NSS adds more ciphers later we don't want them available by - * accident - */ - while i < num_implemented_ciphers as u32 { - SSL_CipherPrefSet( - model, - *implemented_ciphers.offset(i as isize) as PRInt32, - 0 as i32, - ); - i = i.wrapping_add(1); - } - i = 0 as u32; - /* Set every entry in our list to false */ - while (i as u64) - < (::std::mem::size_of::<[cipher_s; 94]>() as u64) - .wrapping_div(::std::mem::size_of::() as u64) - { - cipher_state[i as usize] = 0 as i32; - i = i.wrapping_add(1); - } - cipher = cipher_list; - while !cipher_list.is_null() - && *cipher_list.offset(0 as isize) as i32 != 0 - { - while *cipher as i32 != 0 - && Curl_isspace(*cipher as i32) != 0 - { - cipher = cipher.offset(1); - } - cipher_list = strpbrk(cipher, b":, \0" as *const u8 as *const libc::c_char); - if !cipher_list.is_null() { - let fresh0 = cipher_list; - cipher_list = cipher_list.offset(1); - *fresh0 = '\u{0}' as libc::c_char; - } - found = 0 as i32; - i = 0 as u32; - while (i as u64) - < (::std::mem::size_of::<[cipher_s; 94]>() as u64) - .wrapping_div(::std::mem::size_of::() as u64) - { - if Curl_strcasecompare(cipher, cipherlist[i as usize].name) != 0 { - cipher_state[i as usize] = 1 as i32; - found = 1 as i32; - break; - } else { - i = i.wrapping_add(1); - } - } - if found == 0 as i32 { - Curl_failf( - data, - b"Unknown cipher in list: %s\0" as *const u8 as *const libc::c_char, - cipher, - ); - return SECFailure; - } - if !cipher_list.is_null() { - cipher = cipher_list; - } - } - i = 0 as u32; - while (i as u64) - < (::std::mem::size_of::<[cipher_s; 94]>() as u64) - .wrapping_div(::std::mem::size_of::() as u64) - { - if !(cipher_state[i as usize] == 0) { - if SSL_CipherPrefSet(model, cipherlist[i as usize].num, 1 as i32) as i32 - != SECSuccess as i32 - { - Curl_failf( - data, - b"cipher-suite not supported by NSS: %s\0" as *const u8 as *const libc::c_char, - cipherlist[i as usize].name, - ); - return SECFailure; - } - } - i = i.wrapping_add(1); - } - return SECSuccess; - - } - } - - - /* - * Return true if at least one cipher-suite is enabled. Used to determine - * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers. - */ - extern "C" fn any_cipher_enabled() -> bool { - unsafe{ - let mut i: u32 = 0; - i = 0 as u32; - while (i as u64) - < (::std::mem::size_of::<[cipher_s; 94]>() as u64) - .wrapping_div(::std::mem::size_of::() as u64) - { - let mut policy: PRInt32 = 0 as i32; - SSL_CipherPolicyGet(cipherlist[i as usize].num, &mut policy); - if policy != 0 { - return 1 as i32 != 0; - } - i = i.wrapping_add(1); - } - return 0 as i32 != 0; - } - } - - /* - * Determine whether the nickname passed in is a filename that needs to - * be loaded as a PEM or a regular NSS nickname. - * - * returns 1 for a file - * returns 0 for not a file (NSS nickname) - */ - extern "C" fn is_file(mut filename: *const libc::c_char) -> i32 { - unsafe{ - let mut st: stat = stat { - st_dev: 0, - st_ino: 0, - st_nlink: 0, - st_mode: 0, - st_uid: 0, - st_gid: 0, - __pad0: 0, - st_rdev: 0, - st_size: 0, - st_blksize: 0, - st_blocks: 0, - st_atim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_mtim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_ctim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - __glibc_reserved: [0; 3], - }; - if filename.is_null() { - return 0 as i32; - } - if stat(filename, &mut st) == 0 as i32 { - if st.st_mode & 0o170000 as u32 - == 0o100000 as u32 - || st.st_mode & 0o170000 as u32 - == 0o10000 as u32 - || st.st_mode & 0o170000 as u32 - == 0o20000 as u32 - { - return 1 as i32; - } - } - return 0 as i32; - } - } - - /* Check if the given string is filename or nickname of a certificate. If the - * given string is recognized as filename, return NULL. If the given string is - * recognized as nickname, return a duplicated string. The returned string - * should be later deallocated using free(). If the OOM failure occurs, we - * return NULL, too. - */ - extern "C" fn dup_nickname( - mut data: *mut Curl_easy, - mut str: *const libc::c_char, - ) -> *mut libc::c_char { - unsafe{ - let mut n: *const libc::c_char = 0 as *const libc::c_char; - if is_file(str) == 0 { - /* no such file exists, use the string as nickname */ - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")(str); - - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - str, - 430 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - /* search the first slash; we require at least one slash in a file name */ - n = strchr(str, '/' as i32); - if n.is_null() { - Curl_infof( +use crate::src::vtls::vtls::*; +use ::libc; +use rust_ffi::src::ffi_alias::type_alias::*; +use rust_ffi::src::ffi_fun::fun_call::*; +use rust_ffi::src::ffi_struct::struct_define::*; + +#[inline] +extern "C" fn stat(mut __path: *const libc::c_char, mut __statbuf: *mut stat) -> i32 { + unsafe { + return __xstat(1 as i32, __path, __statbuf); + } +} +static mut nss_initlock: *mut PRLock = 0 as *const PRLock as *mut PRLock; +static mut nss_crllock: *mut PRLock = 0 as *const PRLock as *mut PRLock; +static mut nss_findslot_lock: *mut PRLock = 0 as *const PRLock as *mut PRLock; +static mut nss_trustload_lock: *mut PRLock = 0 as *const PRLock as *mut PRLock; +static mut nss_crl_list: Curl_llist = Curl_llist { + head: 0 as *const Curl_llist_element as *mut Curl_llist_element, + tail: 0 as *const Curl_llist_element as *mut Curl_llist_element, + dtor: None, + size: 0, +}; +static mut nss_context: *mut NSSInitContext = 0 as *const NSSInitContext as *mut NSSInitContext; +static mut initialized: i32 = 0 as i32; +static mut cipherlist: [cipher_s; 94] = [ + cipher_s { + name: b"rc4\0" as *const u8 as *const libc::c_char, + num: 0xff01 as i32, + }, + cipher_s { + name: b"rc4-md5\0" as *const u8 as *const libc::c_char, + num: 0xff01 as i32, + }, + cipher_s { + name: b"rc4export\0" as *const u8 as *const libc::c_char, + num: 0xff02 as i32, + }, + cipher_s { + name: b"rc2\0" as *const u8 as *const libc::c_char, + num: 0xff03 as i32, + }, + cipher_s { + name: b"rc2export\0" as *const u8 as *const libc::c_char, + num: 0xff04 as i32, + }, + cipher_s { + name: b"des\0" as *const u8 as *const libc::c_char, + num: 0xff06 as i32, + }, + cipher_s { + name: b"desede3\0" as *const u8 as *const libc::c_char, + num: 0xff07 as i32, + }, + cipher_s { + name: b"rsa_rc4_128_md5\0" as *const u8 as *const libc::c_char, + num: 0x4 as i32, + }, + cipher_s { + name: b"rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x5 as i32, + }, + cipher_s { + name: b"rsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xa as i32, + }, + cipher_s { + name: b"rsa_des_sha\0" as *const u8 as *const libc::c_char, + num: 0x9 as i32, + }, + cipher_s { + name: b"rsa_rc4_40_md5\0" as *const u8 as *const libc::c_char, + num: 0x3 as i32, + }, + cipher_s { + name: b"rsa_rc2_40_md5\0" as *const u8 as *const libc::c_char, + num: 0x6 as i32, + }, + cipher_s { + name: b"rsa_null_md5\0" as *const u8 as *const libc::c_char, + num: 0x1 as i32, + }, + cipher_s { + name: b"rsa_null_sha\0" as *const u8 as *const libc::c_char, + num: 0x2 as i32, + }, + cipher_s { + name: b"fips_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xfeff as i32, + }, + cipher_s { + name: b"fips_des_sha\0" as *const u8 as *const libc::c_char, + num: 0xfefe as i32, + }, + cipher_s { + name: b"fortezza\0" as *const u8 as *const libc::c_char, + num: 0x1d as i32, + }, + cipher_s { + name: b"fortezza_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x1e as i32, + }, + cipher_s { + name: b"fortezza_null\0" as *const u8 as *const libc::c_char, + num: 0x1c as i32, + }, + cipher_s { + name: b"dhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0x16 as i32, + }, + cipher_s { + name: b"dhe_dss_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0x13 as i32, + }, + cipher_s { + name: b"dhe_rsa_des_sha\0" as *const u8 as *const libc::c_char, + num: 0x15 as i32, + }, + cipher_s { + name: b"dhe_dss_des_sha\0" as *const u8 as *const libc::c_char, + num: 0x12 as i32, + }, + cipher_s { + name: b"rsa_des_56_sha\0" as *const u8 as *const libc::c_char, + num: 0x62 as i32, + }, + cipher_s { + name: b"rsa_rc4_56_sha\0" as *const u8 as *const libc::c_char, + num: 0x64 as i32, + }, + cipher_s { + name: b"dhe_dss_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x66 as i32, + }, + cipher_s { + name: b"dhe_dss_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, + num: 0x32 as i32, + }, + cipher_s { + name: b"dhe_dss_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, + num: 0x38 as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, + num: 0x33 as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, + num: 0x39 as i32, + }, + cipher_s { + name: b"rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x2f as i32, + }, + cipher_s { + name: b"rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0x35 as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, + num: 0xc001 as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc002 as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xc003 as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc004 as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0xc005 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, + num: 0xc006 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc007 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xc008 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc009 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00a as i32, + }, + cipher_s { + name: b"ecdh_rsa_null_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00b as i32, + }, + cipher_s { + name: b"ecdh_rsa_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00c as i32, + }, + cipher_s { + name: b"ecdh_rsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00d as i32, + }, + cipher_s { + name: b"ecdh_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00e as i32, + }, + cipher_s { + name: b"ecdh_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0xc00f as i32, + }, + cipher_s { + name: b"ecdhe_rsa_null\0" as *const u8 as *const libc::c_char, + num: 0xc010 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc011 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xc012 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc013 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0xc014 as i32, + }, + cipher_s { + name: b"ecdh_anon_null_sha\0" as *const u8 as *const libc::c_char, + num: 0xc015 as i32, + }, + cipher_s { + name: b"ecdh_anon_rc4_128sha\0" as *const u8 as *const libc::c_char, + num: 0xc016 as i32, + }, + cipher_s { + name: b"ecdh_anon_3des_sha\0" as *const u8 as *const libc::c_char, + num: 0xc017 as i32, + }, + cipher_s { + name: b"ecdh_anon_aes_128_sha\0" as *const u8 as *const libc::c_char, + num: 0xc018 as i32, + }, + cipher_s { + name: b"ecdh_anon_aes_256_sha\0" as *const u8 as *const libc::c_char, + num: 0xc019 as i32, + }, + cipher_s { + name: b"rsa_null_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x3b as i32, + }, + cipher_s { + name: b"rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x3c as i32, + }, + cipher_s { + name: b"rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x3d as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x67 as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x6b as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc023 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc027 as i32, + }, + cipher_s { + name: b"rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x9c as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x9e as i32, + }, + cipher_s { + name: b"dhe_dss_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xa2 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc02b as i32, + }, + cipher_s { + name: b"ecdh_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc02d as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc02f as i32, + }, + cipher_s { + name: b"ecdh_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xc031 as i32, + }, + cipher_s { + name: b"rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0x9d as i32, + }, + cipher_s { + name: b"dhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0x9f as i32, + }, + cipher_s { + name: b"dhe_dss_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0xa3 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, + num: 0xc024 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, + num: 0xc028 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0xc02c as i32, + }, + cipher_s { + name: b"ecdhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0xc030 as i32, + }, + cipher_s { + name: b"ecdhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xcca8 as i32, + }, + cipher_s { + name: b"ecdhe_ecdsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xcca9 as i32, + }, + cipher_s { + name: b"dhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, + num: 0xccaa as i32, + }, + cipher_s { + name: b"aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x1301 as i32, + }, + cipher_s { + name: b"aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, + num: 0x1302 as i32, + }, + cipher_s { + name: b"chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x1303 as i32, + }, + cipher_s { + name: b"dhe_dss_aes_128_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x40 as i32, + }, + cipher_s { + name: b"dhe_dss_aes_256_sha_256\0" as *const u8 as *const libc::c_char, + num: 0x6a as i32, + }, + cipher_s { + name: b"dhe_rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x45 as i32, + }, + cipher_s { + name: b"dhe_dss_camellia_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x44 as i32, + }, + cipher_s { + name: b"dhe_rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, + num: 0x88 as i32, + }, + cipher_s { + name: b"dhe_dss_camellia_256_sha\0" as *const u8 as *const libc::c_char, + num: 0x87 as i32, + }, + cipher_s { + name: b"rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, + num: 0x41 as i32, + }, + cipher_s { + name: b"rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, + num: 0x84 as i32, + }, + cipher_s { + name: b"rsa_seed_sha\0" as *const u8 as *const libc::c_char, + num: 0x96 as i32, + }, +]; +static mut pem_library: *const libc::c_char = b"libnsspem.so\0" as *const u8 as *const libc::c_char; +static mut trust_library: *const libc::c_char = + b"libnssckbi.so\0" as *const u8 as *const libc::c_char; +static mut pem_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; +static mut trust_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; +/* NSPR I/O layer we use to detect blocking direction during SSL handshake */ +static mut nspr_io_identity: PRDescIdentity = -(1 as i32); +static mut nspr_io_methods: PRIOMethods = PRIOMethods { + file_type: 0 as PRDescType, + close: None, + read: None, + write: None, + available: None, + available64: None, + fsync: None, + seek: None, + seek64: None, + fileInfo: None, + fileInfo64: None, + writev: None, + connect: None, + accept: None, + bind: None, + listen: None, + shutdown: None, + recv: None, + send: None, + recvfrom: None, + sendto: None, + poll: None, + acceptread: None, + transmitfile: None, + getsockname: None, + getpeername: None, + reserved_fn_6: None, + reserved_fn_5: None, + getsocketoption: None, + setsocketoption: None, + sendfile: None, + connectcontinue: None, + reserved_fn_3: None, + reserved_fn_2: None, + reserved_fn_1: None, + reserved_fn_0: None, +}; +extern "C" fn nss_error_to_name(mut code: PRErrorCode) -> *const libc::c_char { + let mut name: *const libc::c_char = unsafe { PR_ErrorToName(code) }; + if !name.is_null() { + return name; + } + return b"unknown error\0" as *const u8 as *const libc::c_char; +} +extern "C" fn nss_print_error_message(mut data: *mut Curl_easy, mut err: PRUint32) { + unsafe { + Curl_failf( + data, + b"%s\0" as *const u8 as *const libc::c_char, + PR_ErrorToString(err as PRErrorCode, 0 as i32 as PRLanguageCode), + ); + } +} +extern "C" fn nss_sslver_to_name(mut nssver: PRUint16) -> *mut libc::c_char { + unsafe { + match nssver as i32 { + 2 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"SSLv2\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"SSLv2\0" as *const u8 as *const libc::c_char, + 285 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + 768 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"SSLv3\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"SSLv3\0" as *const u8 as *const libc::c_char, + 287 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + 769 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.0\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"TLSv1.0\0" as *const u8 as *const libc::c_char, + 289 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + 770 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.1\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"TLSv1.1\0" as *const u8 as *const libc::c_char, + 292 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + 771 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.2\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"TLSv1.2\0" as *const u8 as *const libc::c_char, + 296 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + 772 => { + #[cfg(not(CURLDEBUG))] + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.3\0" as *const u8 as *const libc::c_char, + ); + #[cfg(CURLDEBUG)] + return curl_dbg_strdup( + b"TLSv1.3\0" as *const u8 as *const libc::c_char, + 300 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + _ => { + return curl_maprintf( + b"0x%04x\0" as *const u8 as *const libc::c_char, + nssver as i32, + ); + } + }; + } +} +extern "C" fn set_ciphers( + mut data: *mut Curl_easy, + mut model: *mut PRFileDesc, + mut cipher_list: *mut libc::c_char, +) -> SECStatus { + let mut i: u32 = 0; + let mut cipher_state: [PRBool; 94] = [0; 94]; + let mut found: PRBool = 0; + let mut cipher: *mut libc::c_char = 0 as *mut libc::c_char; + /* use accessors to avoid dynamic linking issues after an update of NSS */ + let num_implemented_ciphers: PRUint16 = unsafe { SSL_GetNumImplementedCiphers() }; + let mut implemented_ciphers: *const PRUint16 = unsafe { SSL_GetImplementedCiphers() }; + if implemented_ciphers.is_null() { + return SECFailure; + } + i = 0 as u32; + /* First disable all ciphers. This uses a different max value in case + * NSS adds more ciphers later we don't want them available by + * accident + */ + while i < num_implemented_ciphers as u32 { + unsafe { + SSL_CipherPrefSet( + model, + *implemented_ciphers.offset(i as isize) as PRInt32, + 0 as i32, + ); + } + i = i.wrapping_add(1); + } + i = 0 as u32; + /* Set every entry in our list to false */ + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) + { + cipher_state[i as usize] = 0 as i32; + i = i.wrapping_add(1); + } + cipher = cipher_list; + while !cipher_list.is_null() && unsafe { *cipher_list.offset(0 as isize) as i32 } != 0 { + while unsafe { *cipher as i32 != 0 && Curl_isspace(*cipher as i32) != 0 } { + cipher = unsafe { cipher.offset(1) }; + } + cipher_list = unsafe { strpbrk(cipher, b":, \0" as *const u8 as *const libc::c_char) }; + if !cipher_list.is_null() { + let fresh0 = cipher_list; + unsafe { + cipher_list = cipher_list.offset(1); + *fresh0 = '\u{0}' as libc::c_char; + } + } + found = 0 as i32; + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) + { + if unsafe { Curl_strcasecompare(cipher, cipherlist[i as usize].name) } != 0 { + cipher_state[i as usize] = 1 as i32; + found = 1 as i32; + break; + } else { + i = i.wrapping_add(1); + } + } + if found == 0 as i32 { + unsafe { + Curl_failf( + data, + b"Unknown cipher in list: %s\0" as *const u8 as *const libc::c_char, + cipher, + ); + } + return SECFailure; + } + if !cipher_list.is_null() { + cipher = cipher_list; + } + } + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) + { + if !(cipher_state[i as usize] == 0) { + if unsafe { + SSL_CipherPrefSet(model, cipherlist[i as usize].num, 1 as i32) as i32 + != SECSuccess as i32 + } { + unsafe { + Curl_failf( + data, + b"cipher-suite not supported by NSS: %s\0" as *const u8 + as *const libc::c_char, + cipherlist[i as usize].name, + ); + } + return SECFailure; + } + } + i = i.wrapping_add(1); + } + return SECSuccess; +} + +/* + * Return true if at least one cipher-suite is enabled. Used to determine + * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers. + */ +extern "C" fn any_cipher_enabled() -> bool { + let mut i: u32 = 0; + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) + { + let mut policy: PRInt32 = 0 as i32; + unsafe { + SSL_CipherPolicyGet(cipherlist[i as usize].num, &mut policy); + } + if policy != 0 { + return 1 as i32 != 0; + } + i = i.wrapping_add(1); + } + return 0 as i32 != 0; +} + +/* + * Determine whether the nickname passed in is a filename that needs to + * be loaded as a PEM or a regular NSS nickname. + * + * returns 1 for a file + * returns 0 for not a file (NSS nickname) + */ +extern "C" fn is_file(mut filename: *const libc::c_char) -> i32 { + let mut st: stat = stat { + st_dev: 0, + st_ino: 0, + st_nlink: 0, + st_mode: 0, + st_uid: 0, + st_gid: 0, + __pad0: 0, + st_rdev: 0, + st_size: 0, + st_blksize: 0, + st_blocks: 0, + st_atim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_mtim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_ctim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + __glibc_reserved: [0; 3], + }; + if filename.is_null() { + return 0 as i32; + } + if stat(filename, &mut st) == 0 as i32 { + if st.st_mode & 0o170000 as u32 == 0o100000 as u32 + || st.st_mode & 0o170000 as u32 == 0o10000 as u32 + || st.st_mode & 0o170000 as u32 == 0o20000 as u32 + { + return 1 as i32; + } + } + return 0 as i32; +} + +/* Check if the given string is filename or nickname of a certificate. If the + * given string is recognized as filename, return NULL. If the given string is + * recognized as nickname, return a duplicated string. The returned string + * should be later deallocated using free(). If the OOM failure occurs, we + * return NULL, too. + */ +extern "C" fn dup_nickname( + mut data: *mut Curl_easy, + mut str: *const libc::c_char, +) -> *mut libc::c_char { + let mut n: *const libc::c_char = 0 as *const libc::c_char; + if is_file(str) == 0 { + /* no such file exists, use the string as nickname */ + #[cfg(not(CURLDEBUG))] + return unsafe { Curl_cstrdup.expect("non-null function pointer")(str) }; + + #[cfg(CURLDEBUG)] + return unsafe { + curl_dbg_strdup( + str, + 430 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ) + }; + } + /* search the first slash; we require at least one slash in a file name */ + n = unsafe { strchr(str, '/' as i32) }; + if n.is_null() { + unsafe { + Curl_infof( data, b"warning: certificate file name \"%s\" handled as nickname; please use \"./%s\" to force file name\0" as *const u8 as *const libc::c_char, str, str, ); - #[cfg(not(CURLDEBUG))] - return Curl_cstrdup.expect("non-null function pointer")(str); - #[cfg(CURLDEBUG)] - return curl_dbg_strdup( - str, - 437 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - return 0 as *mut libc::c_char; - } - /* we'll use the PEM reader to read the certificate from file */ - } - - - /* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition - * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more - * details, go to . - */ - extern "C" fn nss_find_slot_by_name( - mut slot_name: *const libc::c_char, - ) -> *mut PK11SlotInfo { - unsafe{ - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; - PR_Lock(nss_findslot_lock); - slot = PK11_FindSlotByName(slot_name); - PR_Unlock(nss_findslot_lock); - return slot; - } - } - /* wrap 'ptr' as list node and tail-insert into 'list' */ - extern "C" fn insert_wrapped_ptr( - mut list: *mut Curl_llist, - mut ptr: *mut libc::c_void, - ) -> CURLcode { - unsafe{ - - #[cfg(not(CURLDEBUG))] - let mut wrap: *mut ptr_list_wrap = Curl_cmalloc.expect("non-null function pointer")( - ::std::mem::size_of::() as u64, - ) as *mut ptr_list_wrap; - #[cfg(CURLDEBUG)] - let mut wrap: *mut ptr_list_wrap = curl_dbg_malloc( - ::std::mem::size_of::() as libc::c_ulong, - 460 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ) as *mut ptr_list_wrap; - if wrap.is_null() { - return CURLE_OUT_OF_MEMORY; - } - (*wrap).ptr = ptr; - Curl_llist_insert_next( - list, - (*list).tail, - wrap as *const libc::c_void, - &mut (*wrap).node, - ); - return CURLE_OK; - } - } - /* Call PK11_CreateGenericObject() with the given obj_class and filename. If - * the call succeeds, append the object handle to the list of objects so that - * the object can be destroyed in nss_close(). */ - extern "C" fn nss_create_object( - mut connssl: *mut ssl_connect_data, - mut obj_class: CK_OBJECT_CLASS, - mut filename: *const libc::c_char, - mut cacert: bool, - ) -> CURLcode { - unsafe{ - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; - let mut obj: *mut PK11GenericObject = 0 as *mut PK11GenericObject; - let mut cktrue: CK_BBOOL = 1 as i32 as CK_BBOOL; - let mut ckfalse: CK_BBOOL = 0 as i32 as CK_BBOOL; - let mut attrs: [CK_ATTRIBUTE; 4] = [CK_ATTRIBUTE { - type_0: 0, - pValue: 0 as *mut libc::c_void, - ulValueLen: 0, - }; 4]; - let mut attr_cnt: i32 = 0 as i32; - let mut result: CURLcode = (if cacert as i32 != 0 { - CURLE_SSL_CACERT_BADFILE as i32 - } else { - CURLE_SSL_CERTPROBLEM as i32 - }) as CURLcode; - let slot_id: i32 = if cacert as i32 != 0 { - 0 as i32 - } else { - 1 as i32 - }; - let mut slot_name: *mut libc::c_char = curl_maprintf( - b"PEM Token #%d\0" as *const u8 as *const libc::c_char, - slot_id, - ); - let mut backend: *mut ssl_backend_data = (*connssl).backend; - if slot_name.is_null() { - return CURLE_OUT_OF_MEMORY; - } - slot = nss_find_slot_by_name(slot_name); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(slot_name as *mut libc::c_void); - - #[cfg(CURLDEBUG)] - curl_dbg_free( - slot_name as *mut libc::c_void, - 493 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - if slot.is_null() { - return result; - } - attr_cnt = attr_cnt + 1; - let mut ptr: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); - (*ptr).type_0 = 0 as CK_ATTRIBUTE_TYPE; - (*ptr).pValue = &mut obj_class as *mut CK_OBJECT_CLASS as CK_VOID_PTR; - (*ptr).ulValueLen = ::std::mem::size_of::() as u64; - attr_cnt = attr_cnt + 1; - let mut ptr_0: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); - (*ptr_0).type_0 = 0x1 as CK_ATTRIBUTE_TYPE; - (*ptr_0).pValue = &mut cktrue as *mut CK_BBOOL as CK_VOID_PTR; - (*ptr_0).ulValueLen = ::std::mem::size_of::() as u64; - attr_cnt = attr_cnt + 1; - let mut ptr_1: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); - (*ptr_1).type_0 = 0x3 as CK_ATTRIBUTE_TYPE; - (*ptr_1).pValue = filename as *mut u8 as CK_VOID_PTR; - (*ptr_1).ulValueLen = (strlen(filename)).wrapping_add(1 as u64); - if 0x1 as u64 == obj_class { - let mut pval: *mut CK_BBOOL = if cacert as i32 != 0 { - &mut cktrue - } else { - &mut ckfalse - }; - attr_cnt = attr_cnt + 1; - let mut ptr_2: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); - (*ptr_2).type_0 = (0x80000000 as u32 | 0x4e534350 as u32) - .wrapping_add(0x2000 as u32) - as CK_ATTRIBUTE_TYPE; - (*ptr_2).pValue = pval as CK_VOID_PTR; - (*ptr_2).ulValueLen = ::std::mem::size_of::() as u64; - } - // done - 511 - if cfg!(HAVE_PK11_CREATEMANAGEDGENERICOBJECT){ - obj = PK11_CreateManagedGenericObject(slot, attrs.as_mut_ptr(), attr_cnt, 0 as i32); - } - PK11_FreeSlot(slot); - if obj.is_null() { - return result; - } - if insert_wrapped_ptr(&mut (*backend).obj_list, obj as *mut libc::c_void) as u32 - != CURLE_OK as u32 - { - PK11_DestroyGenericObject(obj); - return CURLE_OUT_OF_MEMORY; - } - if !cacert && 0x1 as u64 == obj_class { - /* store reference to a client certificate */ - (*backend).obj_clicert = obj; - } - /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because - * PK11_DestroyGenericObject() does not release resources allocated by - * PK11_CreateGenericObject() early enough. */ - return CURLE_OK; - } - } - - /* Destroy the NSS object whose handle is given by ptr. This function is - * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy - * NSS objects in nss_close() */ - extern "C" fn nss_destroy_object(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { - unsafe{ - let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; - let mut obj: *mut PK11GenericObject = (*wrap).ptr as *mut PK11GenericObject; - PK11_DestroyGenericObject(obj); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); - - #[cfg(CURLDEBUG)] - curl_dbg_free( - wrap as *mut libc::c_void, - 543 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - } - - /* same as nss_destroy_object() but for CRL items */ - extern "C" fn nss_destroy_crl_item(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { - unsafe{ - let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; - let mut crl_der: *mut SECItem = (*wrap).ptr as *mut SECItem; - SECITEM_FreeItem(crl_der, 1 as i32); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - wrap as *mut libc::c_void, - 553 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - } - extern "C" fn nss_load_cert( - mut ssl: *mut ssl_connect_data, - mut filename: *const libc::c_char, - mut cacert: PRBool, - ) -> CURLcode { - unsafe{ - /* libnsspem.so leaks memory if the requested file does not exist. For more - * details, go to . */ - let mut result: CURLcode = (if cacert != 0 { - CURLE_SSL_CACERT_BADFILE as i32 - } else { - CURLE_SSL_CERTPROBLEM as i32 - }) as CURLcode; - if is_file(filename) != 0 { - /* we have successfully loaded a client certificate */ - result = nss_create_object( - ssl, - 0x1 as CK_OBJECT_CLASS, - filename, - cacert != 0, - ); - } - if result as u64 == 0 && cacert == 0 { - let mut nickname: *mut libc::c_char = 0 as *mut libc::c_char; - let mut n: *mut libc::c_char = strrchr(filename, '/' as i32); - if !n.is_null() { - n = n.offset(1); - } - /* The following undocumented magic helps to avoid a SIGSEGV on call - * of PK11_ReadRawAttribute() from SelectClientCert() when using an - * immature version of libnsspem.so. For more details, go to - * . */ - nickname = curl_maprintf(b"PEM Token #1:%s\0" as *const u8 as *const libc::c_char, n); - if !nickname.is_null() { - let mut cert: *mut CERTCertificate = - PK11_FindCertFromNickname(nickname, 0 as *mut libc::c_void); - if !cert.is_null() { - CERT_DestroyCertificate(cert); - } - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(nickname as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - nickname as *mut libc::c_void, - 585 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - } - return result; - - } - } - - /* add given CRL to cache if it is not already there */ - extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { - unsafe{ - let mut db: *mut CERTCertDBHandle = CERT_GetDefaultCertDB(); - let mut crl: *mut CERTSignedCrl = SEC_FindCrlByDERCert(db, crl_der, 0 as i32); - if !crl.is_null() { - /* CRL already cached */ - SEC_DestroyCrl(crl); - SECITEM_FreeItem(crl_der, 1 as i32); - return CURLE_OK; - } - - - /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */ - PR_Lock(nss_crllock); - if SECSuccess as i32 != CERT_CacheCRL(db, crl_der) as i32 { - /* unable to cache CRL */ - SECITEM_FreeItem(crl_der, 1 as i32); - PR_Unlock(nss_crllock); - return CURLE_SSL_CRL_BADFILE; - } - /* store the CRL item so that we can free it in nss_cleanup() */ - if insert_wrapped_ptr(&mut nss_crl_list, crl_der as *mut libc::c_void) as u32 - != CURLE_OK as u32 - { - if SECSuccess as i32 == CERT_UncacheCRL(db, crl_der) as i32 { - SECITEM_FreeItem(crl_der, 1 as i32); - } - PR_Unlock(nss_crllock); - return CURLE_OUT_OF_MEMORY; - } - /* we need to clear session cache, so that the CRL could take effect */ - SSL_ClearSessionCache(); - PR_Unlock(nss_crllock); - return CURLE_OK; - } - } - // unsafe extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { - // let mut current_block: u64; - // let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; - // let mut info: PRFileInfo = PRFileInfo { - // type_0: 0 as PRFileType, - // size: 0, - // creationTime: 0, - // modifyTime: 0, - // }; - // let mut filedata: SECItem = { - // let mut init = SECItemStr { - // type_0: siBuffer, - // data: 0 as *mut u8, - // len: 0 as i32 as u32, - // }; - // init - // }; - // let mut crl_der: *mut SECItem = 0 as *mut SECItem; - // let mut body: *mut libc::c_char = 0 as *mut libc::c_char; - // infile = PR_Open(crlfilename, 0x1 as i32, 0 as i32); - // if infile.is_null() { - // return CURLE_SSL_CRL_BADFILE; - // } - // if !(PR_SUCCESS as i32 - // != PR_GetOpenFileInfo(infile, &mut info) as i32) - // { - // if !(SECITEM_AllocItem( - // 0 as *mut PLArenaPool, - // &mut filedata, - // (info.size + 1 as i32) as u32, - // )) - // .is_null() - // { - // if !(info.size - // != PR_Read(infile, filedata.data as *mut libc::c_void, info.size)) - // { - // crl_der = SECITEM_AllocItem( - // 0 as *mut PLArenaPool, - // 0 as *mut SECItem, - // 0 as u32, - // ); - // if !crl_der.is_null() { - // body = filedata.data as *mut libc::c_char; - // filedata.len = (filedata.len).wrapping_sub(1); - // *body.offset(filedata.len as isize) = '\u{0}' as i32 as libc::c_char; - // body = strstr( - // body, - // b"-----BEGIN\0" as *const u8 as *const libc::c_char, - // ); - // if !body.is_null() { - // let mut trailer: *mut libc::c_char = 0 as *mut libc::c_char; - // let mut begin: *mut libc::c_char = strchr(body, '\n' as i32); - // if begin.is_null() { - // begin = strchr(body, '\r' as i32); - // } - // if begin.is_null() { - // current_block = 8725644592553896754; - // } else { - // begin = begin.offset(1); - // trailer = strstr( - // begin, - // b"-----END\0" as *const u8 as *const libc::c_char, - // ); - // if trailer.is_null() { - // current_block = 8725644592553896754; - // } else { - // *trailer = '\u{0}' as i32 as libc::c_char; - // if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { - // current_block = 8725644592553896754; - // } else { - // SECITEM_FreeItem(&mut filedata, 0 as i32); - // current_block = 17478428563724192186; - // } - // } - // } - // } else { - // *crl_der = filedata; - // current_block = 17478428563724192186; - // } - // match current_block { - // 8725644592553896754 => {} - // _ => { - // PR_Close(infile); - // return nss_cache_crl(crl_der); - // } - // } - // } - // } - // } - // } - // PR_Close(infile); - // SECITEM_FreeItem(crl_der, 1 as i32); - // SECITEM_FreeItem(&mut filedata, 0 as i32); - // return CURLE_SSL_CRL_BADFILE; - // } - extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { - unsafe{ - let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; - let mut info: PRFileInfo = PRFileInfo { - type_0: 0 as PRFileType, - size: 0, - creationTime: 0, - modifyTime: 0, - }; - let mut filedata: SECItem = { - let mut init = SECItemStr { - type_0: siBuffer, - data: 0 as *mut u8, - len: 0 as i32 as u32, - }; - init - }; - let mut crl_der: *mut SECItem = 0 as *mut SECItem; - let mut body: *mut libc::c_char = 0 as *mut libc::c_char; - infile = PR_Open(crlfilename, 0x1 as i32, 0 as i32); - if infile.is_null() { - return CURLE_SSL_CRL_BADFILE; - } - // 创建一个循环 - 'fail: loop { - if PR_SUCCESS as i32 != PR_GetOpenFileInfo(infile, &mut info) as i32 - { - break 'fail; - } - if (SECITEM_AllocItem( - 0 as *mut PLArenaPool, - &mut filedata, - (info.size + 1 as i32) as u32, - )) - .is_null() - { - break 'fail; - } - if info.size != PR_Read(infile, filedata.data as *mut libc::c_void, info.size) { - break 'fail; - } - crl_der = SECITEM_AllocItem( - 0 as *mut PLArenaPool, - 0 as *mut SECItem, - 0 as u32, - ); - if crl_der.is_null() { - break 'fail; - } - /* place a trailing zero right after the visible data */ - body = filedata.data as *mut libc::c_char; - filedata.len = (filedata.len).wrapping_sub(1); - *body.offset(filedata.len as isize) = '\u{0}' as i32 as libc::c_char; - body = strstr(body, b"-----BEGIN\0" as *const u8 as *const libc::c_char); - if !body.is_null() { - /* assume ASCII */ - let mut trailer: *mut libc::c_char = 0 as *mut libc::c_char; - let mut begin: *mut libc::c_char = strchr(body, '\n' as i32); - if begin.is_null() { - begin = strchr(body, '\r' as i32); - } - if begin.is_null() { - break 'fail; - } - begin = begin.offset(1); - trailer = strstr(begin, b"-----END\0" as *const u8 as *const libc::c_char); - if trailer.is_null() { - break 'fail; - } - /* retrieve DER from ASCII */ - *trailer = '\u{0}' as libc::c_char; - if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { - break 'fail; - } - SECITEM_FreeItem(&mut filedata, 0 as i32); - } else { - /* assume DER */ - *crl_der = filedata; - } - PR_Close(infile); - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - return nss_cache_crl(crl_der); - break 'fail; - } - PR_Close(infile); - SECITEM_FreeItem(crl_der, 1 as i32); - SECITEM_FreeItem(&mut filedata, 0 as i32); - return CURLE_SSL_CRL_BADFILE; - } - } - extern "C" fn nss_load_key( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - mut key_file: *mut libc::c_char, - ) -> CURLcode { - unsafe{ - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; - let mut tmp: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; - let mut status: SECStatus = SECSuccess; - let mut result: CURLcode = CURLE_OK; - let mut ssl: *mut ssl_connect_data = ((*conn).ssl).as_mut_ptr(); - result = nss_create_object( - ssl, - 0x3 as CK_OBJECT_CLASS, - key_file, - 0 as i32 != 0, - ); - if result as u64 != 0 { - PR_SetError(SEC_ERROR_BAD_KEY as i32, 0 as i32); - return result; - } - slot = nss_find_slot_by_name(b"PEM Token #1\0" as *const u8 as *const libc::c_char); - if slot.is_null() { - return CURLE_SSL_CERTPROBLEM; - } - /* This will force the token to be seen as re-inserted */ - tmp = SECMOD_WaitForAnyTokenEvent( - pem_module, - 0 as u64, - 0 as PRIntervalTime, - ); - if !tmp.is_null() { - PK11_FreeSlot(tmp); - } - if PK11_IsPresent(slot) == 0 { - PK11_FreeSlot(slot); - return CURLE_SSL_CERTPROBLEM; - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_key_passwd = PK11_Authenticate( - slot, - 1 as i32, - (if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.key_passwd - } else { - (*data).set.ssl.key_passwd - }) as *mut libc::c_void, - ); - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_key_passwd = PK11_Authenticate( - slot, - 1 as i32, - (*data).set.ssl.key_passwd as *mut libc::c_void, - ); - - status = SSL_SET_OPTION_key_passwd; - PK11_FreeSlot(slot); - return (if SECSuccess as i32 == status as i32 { - CURLE_OK as i32 - } else { - CURLE_SSL_CERTPROBLEM as i32 - }) as CURLcode; - } - } - extern "C" fn display_error( - mut data: *mut Curl_easy, - mut err: PRInt32, - mut filename: *const libc::c_char, - ) -> i32 { - unsafe{ - match err { - -8177 => { - Curl_failf( - data, - b"Unable to load client key: Incorrect password\0" as *const u8 - as *const libc::c_char, - ); - return 1 as i32; - } - -8077 => { - Curl_failf( - data, - b"Unable to load certificate %s\0" as *const u8 as *const libc::c_char, - filename, - ); - return 1 as i32; - } - _ => {} - } - return 0 as i32;/* The caller will print a generic error */ - } - } - extern "C" fn cert_stuff( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - mut cert_file: *mut libc::c_char, - mut key_file: *mut libc::c_char, - ) -> CURLcode { - unsafe{ - let mut result: CURLcode = CURLE_OK; - if !cert_file.is_null() { - result = nss_load_cert( - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), - cert_file, - 0 as i32, - ); - if result as u64 != 0 { - let err: PRErrorCode = PR_GetError(); - if display_error(data, err, cert_file) == 0 { - let mut err_name: *const libc::c_char = nss_error_to_name(err); - Curl_failf( - data, - b"unable to load client cert: %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - ); - } - return result; - } - } - if !key_file.is_null() || is_file(cert_file) != 0 { - if !key_file.is_null() { - result = nss_load_key(data, conn, sockindex, key_file); - } else { - /* In case the cert file also has the key */ - result = nss_load_key(data, conn, sockindex, cert_file); - } - if result as u64 != 0 { - let err_0: PRErrorCode = PR_GetError(); - if display_error(data, err_0, key_file) == 0 { - let mut err_name_0: *const libc::c_char = nss_error_to_name(err_0); - Curl_failf( - data, - b"unable to load client key: %d (%s)\0" as *const u8 as *const libc::c_char, - err_0, - err_name_0, - ); - } - return result; - } - } - return CURLE_OK; - } - } - extern "C" fn nss_get_password( - mut slot: *mut PK11SlotInfo, /* unused */ - mut retry: PRBool, - mut arg: *mut libc::c_void, - ) -> *mut libc::c_char { - unsafe{ - if retry != 0 || arg.is_null() { - return 0 as *mut libc::c_char; - } else { - return PORT_Strdup(arg as *mut libc::c_char); - }; - } - } - - - /* bypass the default SSL_AuthCertificate() hook in case we do not want to - * verify peer */ - extern "C" fn nss_auth_cert_hook( - mut arg: *mut libc::c_void, - mut fd: *mut PRFileDesc, - mut checksig: PRBool, - mut isServer: PRBool, - ) -> SECStatus { - unsafe{ - let mut data: *mut Curl_easy = arg as *mut Curl_easy; - let mut conn: *mut connectdata = (*data).conn; - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as i32 as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as i32 as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifystatus() as i32 - } else { - ((*conn).ssl_config).verifystatus() as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_verifystatus = ((*conn).ssl_config).verifystatus(); - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifypeer() as i32 - } else { - ((*conn).ssl_config).verifypeer() as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_verifypeer = ((*conn).ssl_config).verifypeer(); - #[cfg(SSL_ENABLE_OCSP_STAPLING)] - if SSL_CONN_CONFIG_verifystatus != 0 - { - let mut cacheResult: SECStatus = SECSuccess; - let mut csa: *const SECItemArray = SSL_PeerStapledOCSPResponses(fd); - if csa.is_null() { - Curl_failf( - data, - b"Invalid OCSP response\0" as *const u8 as *const libc::c_char, - ); - return SECFailure; - } - if (*csa).len == 0 as u32 { - Curl_failf( - data, - b"No OCSP response received\0" as *const u8 as *const libc::c_char, - ); - return SECFailure; - } - cacheResult = CERT_CacheOCSPResponseFromSideChannel( - CERT_GetDefaultCertDB(), - SSL_PeerCertificate(fd), - PR_Now(), - &mut *((*csa).items).offset(0 as isize), - arg, - ); - if cacheResult as i32 != SECSuccess as i32 { - Curl_failf( - data, - b"Invalid OCSP response\0" as *const u8 as *const libc::c_char, - ); - return cacheResult; - } - } - if SSL_CONN_CONFIG_verifypeer == 0 - { - Curl_infof( - data, - b"skipping SSL peer certificate verification\0" as *const u8 as *const libc::c_char, - ); - return SECSuccess; - } - return SSL_AuthCertificate( - CERT_GetDefaultCertDB() as *mut libc::c_void, - fd, - checksig, - isServer, - ); - } - } - - - /** - * Inform the application that the handshake is complete. - */ - extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut libc::c_void) { - unsafe{ - let mut data: *mut Curl_easy = arg as *mut Curl_easy; - let mut conn: *mut connectdata = (*data).conn; - let mut buflenmax: u32 = 50 as u32; - let mut buf: [u8; 50] = [0; 50]; - let mut buflen: u32 = 0; - let mut state: SSLNextProtoState = SSL_NEXT_PROTO_NO_SUPPORT; - if ((*conn).bits).tls_enable_npn() == 0 && ((*conn).bits).tls_enable_alpn() == 0 { - return; - } - if SSL_GetNextProto(sock, &mut state, buf.as_mut_ptr(), &mut buflen, buflenmax) as i32 - == SECSuccess as i32 - { - let mut current_block_6: u64; - match state as u32 { - 4 | 0 | 2 => { - Curl_infof( - data, - b"ALPN/NPN, server did not agree to a protocol\0" as *const u8 - as *const libc::c_char, - ); - return; - } - #[cfg(SSL_ENABLE_ALPN)] - 3 => { - Curl_infof( - data, - b"ALPN, server accepted to use %.*s\0" as *const u8 as *const libc::c_char, - buflen, - buf.as_mut_ptr(), - ); - } - 1 => { - Curl_infof( - data, - b"NPN, server accepted to use %.*s\0" as *const u8 as *const libc::c_char, - buflen, - buf.as_mut_ptr(), - ); - } - _ => { - current_block_6 = 10599921512955367680; - } - } - if buflen == 2 as u32 - && memcmp( - b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, - buf.as_mut_ptr() as *const libc::c_void, - 2 as u64, - ) == 0 - { - (*conn).negnpn = CURL_HTTP_VERSION_2_0 as i32; - } else if buflen == 8 as u32 - && memcmp( - b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, - buf.as_mut_ptr() as *const libc::c_void, - 8 as u64, - ) == 0 - { - (*conn).negnpn = CURL_HTTP_VERSION_1_1 as i32; - } - Curl_multiuse_state( - data, - if (*conn).negnpn == CURL_HTTP_VERSION_2_0 as i32 { - 2 as i32 - } else { - -(1 as i32) - }, - ); - } - } - } - // unsafe extern "C" fn CanFalseStartCallback( - // mut sock: *mut PRFileDesc, - // mut client_data: *mut libc::c_void, - // mut canFalseStart: *mut PRBool, - // ) -> SECStatus { - // let mut data: *mut Curl_easy = client_data as *mut Curl_easy; - // let mut channelInfo: SSLChannelInfo = SSLChannelInfo { - // length: 0, - // protocolVersion: 0, - // cipherSuite: 0, - // authKeyBits: 0, - // keaKeyBits: 0, - // creationTime: 0, - // lastAccessTime: 0, - // expirationTime: 0, - // sessionIDLength: 0, - // sessionID: [0; 32], - // compressionMethodName: 0 as *const libc::c_char, - // compressionMethod: ssl_compression_null, - // extendedMasterSecretUsed: 0, - // earlyDataAccepted: 0, - // keaType: ssl_kea_null, - // keaGroup: 0 as SSLNamedGroup, - // symCipher: ssl_calg_null, - // macAlgorithm: ssl_mac_null, - // authType: ssl_auth_null, - // signatureScheme: ssl_sig_none, - // originalKeaGroup: 0 as SSLNamedGroup, - // resumed: 0, - // peerDelegCred: 0, - // }; - // let mut cipherInfo: SSLCipherSuiteInfo = SSLCipherSuiteInfo { - // length: 0, - // cipherSuite: 0, - // cipherSuiteName: 0 as *const libc::c_char, - // authAlgorithmName: 0 as *const libc::c_char, - // authAlgorithm: ssl_auth_null, - // keaTypeName: 0 as *const libc::c_char, - // keaType: ssl_kea_null, - // symCipherName: 0 as *const libc::c_char, - // symCipher: ssl_calg_null, - // symKeyBits: 0, - // symKeySpace: 0, - // effectiveKeyBits: 0, - // macAlgorithmName: 0 as *const libc::c_char, - // macAlgorithm: ssl_mac_null, - // macBits: 0, - // c2rust_padding: [0; 1], - // isFIPS_isExportable_nonStandard_reservedBits: [0; 5], - // authType: ssl_auth_null, - // kdfHash: ssl_hash_none, - // }; - // let mut rv: SECStatus = SECSuccess; - // let mut negotiatedExtension: PRBool = 0; - // *canFalseStart = 0 as i32; - // if SSL_GetChannelInfo( - // sock, - // &mut channelInfo, - // ::std::mem::size_of::() as u64 as PRUintn, - // ) as i32 - // != SECSuccess as i32 - // { - // return SECFailure; - // } - // if SSL_GetCipherSuiteInfo( - // channelInfo.cipherSuite, - // &mut cipherInfo, - // ::std::mem::size_of::() as u64 as PRUintn, - // ) as i32 - // != SECSuccess as i32 - // { - // return SECFailure; - // } - // if !(channelInfo.protocolVersion as i32 != 0x303 as i32) { - // if !(cipherInfo.keaType as u32 != ssl_kea_ecdh as i32 as u32) { - // if !(cipherInfo.symCipher as u32 - // != ssl_calg_aes_gcm as i32 as u32) - // { - // rv = SSL_HandshakeNegotiatedExtension( - // sock, - // ssl_app_layer_protocol_xtn, - // &mut negotiatedExtension, - // ); - // if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { - // rv = SSL_HandshakeNegotiatedExtension( - // sock, - // ssl_next_proto_nego_xtn, - // &mut negotiatedExtension, - // ); - // } - // if !(rv as i32 != SECSuccess as i32 || negotiatedExtension == 0) { - // *canFalseStart = 1 as i32; - // Curl_infof( - // data, - // b"Trying TLS False Start\0" as *const u8 as *const libc::c_char, - // ); - // } - // } - // } - // } - // return SECSuccess; - // } - extern "C" fn CanFalseStartCallback( - mut sock: *mut PRFileDesc, - mut client_data: *mut libc::c_void, - mut canFalseStart: *mut PRBool, - ) -> SECStatus { - unsafe{ - let mut data: *mut Curl_easy = client_data as *mut Curl_easy; - let mut channelInfo: SSLChannelInfo = SSLChannelInfo { - length: 0, - protocolVersion: 0, - cipherSuite: 0, - authKeyBits: 0, - keaKeyBits: 0, - creationTime: 0, - lastAccessTime: 0, - expirationTime: 0, - sessionIDLength: 0, - sessionID: [0; 32], - compressionMethodName: 0 as *const libc::c_char, - compressionMethod: ssl_compression_null, - extendedMasterSecretUsed: 0, - earlyDataAccepted: 0, - keaType: ssl_kea_null, - keaGroup: 0 as SSLNamedGroup, - symCipher: ssl_calg_null, - macAlgorithm: ssl_mac_null, - authType: ssl_auth_null, - signatureScheme: ssl_sig_none, - originalKeaGroup: 0 as SSLNamedGroup, - resumed: 0, - peerDelegCred: 0, - }; - let mut cipherInfo: SSLCipherSuiteInfo = SSLCipherSuiteInfo { - length: 0, - cipherSuite: 0, - cipherSuiteName: 0 as *const libc::c_char, - authAlgorithmName: 0 as *const libc::c_char, - authAlgorithm: ssl_auth_null, - keaTypeName: 0 as *const libc::c_char, - keaType: ssl_kea_null, - symCipherName: 0 as *const libc::c_char, - symCipher: ssl_calg_null, - symKeyBits: 0, - symKeySpace: 0, - effectiveKeyBits: 0, - macAlgorithmName: 0 as *const libc::c_char, - macAlgorithm: ssl_mac_null, - macBits: 0, - c2rust_padding: [0; 1], - isFIPS_isExportable_nonStandard_reservedBits: [0; 5], - authType: ssl_auth_null, - kdfHash: ssl_hash_none, - }; - let mut rv: SECStatus = SECSuccess; - let mut negotiatedExtension: PRBool = 0; - *canFalseStart = 0 as i32; - if SSL_GetChannelInfo( - sock, - &mut channelInfo, - ::std::mem::size_of::() as PRUintn, - ) as i32 - != SECSuccess as i32 - { - return SECFailure; - } - if SSL_GetCipherSuiteInfo( - channelInfo.cipherSuite, - &mut cipherInfo, - ::std::mem::size_of::() as PRUintn, - ) as i32 - != SECSuccess as i32 - { - return SECFailure; - } - // 创建一个循环 - // 循环开始 - 'end: loop { - /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for - * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310 - */ - if channelInfo.protocolVersion as i32 != 0x303 as i32 { - break 'end; - } - /* Only allow ECDHE key exchange algorithm. - * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */ - if cipherInfo.keaType as u32 != ssl_kea_ecdh as u32 - { - break 'end; - } - /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC - * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt - * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */ - if cipherInfo.symCipher as u32 - != ssl_calg_aes_gcm as u32 - { - break 'end; - } - /* Enforce ALPN or NPN to do False Start, as an indicator of server - * compatibility. */ - rv = SSL_HandshakeNegotiatedExtension( - sock, - ssl_app_layer_protocol_xtn, - &mut negotiatedExtension, - ); - if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { - rv = SSL_HandshakeNegotiatedExtension( - sock, - ssl_next_proto_nego_xtn, - &mut negotiatedExtension, - ); - } - if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { - break 'end; - } - *canFalseStart = 1 as i32; - Curl_infof(data, b"Trying TLS False Start\0" as *const u8 as *const libc::c_char); - break 'end; - } - // 循环结束 - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - return SECSuccess; - } - } - extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut CERTCertificate) { - unsafe{ - let mut subject: *mut libc::c_char = 0 as *mut libc::c_char; - let mut issuer: *mut libc::c_char = 0 as *mut libc::c_char; - let mut common_name: *mut libc::c_char = 0 as *mut libc::c_char; - let mut printableTime: PRExplodedTime = PRExplodedTime { - tm_usec: 0, - tm_sec: 0, - tm_min: 0, - tm_hour: 0, - tm_mday: 0, - tm_month: 0, - tm_year: 0, - tm_wday: 0, - tm_yday: 0, - tm_params: PRTimeParameters { - tp_gmt_offset: 0, - tp_dst_offset: 0, - }, - }; - let mut timeString: [libc::c_char; 256] = [0; 256]; - let mut notBefore: PRTime = 0; - let mut notAfter: PRTime = 0; - subject = CERT_NameToAscii(&mut (*cert).subject); - issuer = CERT_NameToAscii(&mut (*cert).issuer); - common_name = CERT_GetCommonName(&mut (*cert).subject); - Curl_infof( - data, - b"subject: %s\n\0" as *const u8 as *const libc::c_char, - subject, - ); - CERT_GetCertTimes(cert, &mut notBefore, &mut notAfter); - PR_ExplodeTime( - notBefore, - Some(PR_GMTParameters as unsafe extern "C" fn(*const PRExplodedTime) -> PRTimeParameters), - &mut printableTime, - ); - PR_FormatTime( - timeString.as_mut_ptr(), - 256 as i32, - b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, - &mut printableTime, - ); - Curl_infof( - data, - b" start date: %s\0" as *const u8 as *const libc::c_char, - timeString.as_mut_ptr(), - ); - PR_ExplodeTime( - notAfter, - Some(PR_GMTParameters as unsafe extern "C" fn(*const PRExplodedTime) -> PRTimeParameters), - &mut printableTime, - ); - PR_FormatTime( - timeString.as_mut_ptr(), - 256 as i32, - b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, - &mut printableTime, - ); - Curl_infof( - data, - b" expire date: %s\0" as *const u8 as *const libc::c_char, - timeString.as_mut_ptr(), - ); - Curl_infof( - data, - b" common name: %s\0" as *const u8 as *const libc::c_char, - common_name, - ); - Curl_infof( - data, - b" issuer: %s\0" as *const u8 as *const libc::c_char, - issuer, - ); - PR_Free(subject as *mut libc::c_void); - PR_Free(issuer as *mut libc::c_void); - PR_Free(common_name as *mut libc::c_void); - } - } - extern "C" fn display_conn_info( - mut data: *mut Curl_easy, - mut sock: *mut PRFileDesc, - ) -> CURLcode { - unsafe{ - let mut result: CURLcode = CURLE_OK; - let mut channel: SSLChannelInfo = SSLChannelInfo { - length: 0, - protocolVersion: 0, - cipherSuite: 0, - authKeyBits: 0, - keaKeyBits: 0, - creationTime: 0, - lastAccessTime: 0, - expirationTime: 0, - sessionIDLength: 0, - sessionID: [0; 32], - compressionMethodName: 0 as *const libc::c_char, - compressionMethod: ssl_compression_null, - extendedMasterSecretUsed: 0, - earlyDataAccepted: 0, - keaType: ssl_kea_null, - keaGroup: 0 as SSLNamedGroup, - symCipher: ssl_calg_null, - macAlgorithm: ssl_mac_null, - authType: ssl_auth_null, - signatureScheme: ssl_sig_none, - originalKeaGroup: 0 as SSLNamedGroup, - resumed: 0, - peerDelegCred: 0, - }; - let mut suite: SSLCipherSuiteInfo = SSLCipherSuiteInfo { - length: 0, - cipherSuite: 0, - cipherSuiteName: 0 as *const libc::c_char, - authAlgorithmName: 0 as *const libc::c_char, - authAlgorithm: ssl_auth_null, - keaTypeName: 0 as *const libc::c_char, - keaType: ssl_kea_null, - symCipherName: 0 as *const libc::c_char, - symCipher: ssl_calg_null, - symKeyBits: 0, - symKeySpace: 0, - effectiveKeyBits: 0, - macAlgorithmName: 0 as *const libc::c_char, - macAlgorithm: ssl_mac_null, - macBits: 0, - c2rust_padding: [0; 1], - isFIPS_isExportable_nonStandard_reservedBits: [0; 5], - authType: ssl_auth_null, - kdfHash: ssl_hash_none, - }; - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut cert2: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut cert3: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut now: PRTime = 0; - if SSL_GetChannelInfo( - sock, - &mut channel, - ::std::mem::size_of::() as PRUintn, - ) as i32 - == SECSuccess as i32 - && channel.length as u64 - == ::std::mem::size_of::() as u64 - && channel.cipherSuite as i32 != 0 - { - if SSL_GetCipherSuiteInfo( - channel.cipherSuite, - &mut suite, - ::std::mem::size_of::() as PRUintn, - ) as i32 - == SECSuccess as i32 - { - Curl_infof( - data, - b"SSL connection using %s\0" as *const u8 as *const libc::c_char, - suite.cipherSuiteName, - ); - } - } - cert = SSL_PeerCertificate(sock); - if !cert.is_null() { - Curl_infof( - data, - b"Server certificate:\0" as *const u8 as *const libc::c_char, - ); - if ((*data).set.ssl).certinfo() == 0 { - display_cert_info(data, cert); - CERT_DestroyCertificate(cert); - } else { - /* Count certificates in chain. */ - let mut i: i32 = 1 as i32; - now = PR_Now(); - if (*cert).isRoot == 0 { - cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); - while !cert2.is_null() { - i += 1; - if (*cert2).isRoot != 0 { - CERT_DestroyCertificate(cert2); - break; - } else { - cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA); - CERT_DestroyCertificate(cert2); - cert2 = cert3; - } - } - } - result = Curl_ssl_init_certinfo(data, i); - if result as u64 == 0 { - i = 0 as i32; - while !cert.is_null() { - i = i + 1; - result = Curl_extract_certinfo( - data, - i, - (*cert).derCert.data as *mut libc::c_char, - ((*cert).derCert.data as *mut libc::c_char) - .offset((*cert).derCert.len as isize), - ); - if result as u64 != 0 { - break; - } - if (*cert).isRoot != 0 { - CERT_DestroyCertificate(cert); - break; - } else { - cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); - CERT_DestroyCertificate(cert); - cert = cert2; - } - } - } - } - } - return result; - } - } - #[cfg(not(CURL_DISABLE_PROXY))] - extern "C" fn BadCertHandler( - mut arg: *mut libc::c_void, - mut sock: *mut PRFileDesc, - ) -> SECStatus { - unsafe{ - let mut data: *mut Curl_easy = arg as *mut Curl_easy; - let mut conn: *mut connectdata = (*data).conn; - let mut err: PRErrorCode = PR_GetError(); - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - - #[cfg(not(CURL_DISABLE_PROXY))] - if true { - *if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - &mut (*data).set.proxy_ssl.certverifyresult - } else { - &mut (*data).set.ssl.certverifyresult - } = err as i64; - } - #[cfg(CURL_DISABLE_PROXY)] - if true { - (*data).set.ssl.certverifyresult = err as i64; - } - - if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 - && (if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifyhost() as i32 - } else { - ((*conn).ssl_config).verifyhost() as i32 - }) == 0 - { - return SECSuccess; - } - cert = SSL_PeerCertificate(sock); - if !cert.is_null() { - Curl_infof( - data, - b"Server certificate:\0" as *const u8 as *const libc::c_char, - ); - display_cert_info(data, cert); - CERT_DestroyCertificate(cert); - } - return SECFailure; - } - } - #[cfg(CURL_DISABLE_PROXY)] - extern "C" fn BadCertHandler( - mut arg: *mut libc::c_void, - mut sock: *mut PRFileDesc, - ) -> SECStatus { - unsafe{ - let mut data: *mut Curl_easy = arg as *mut Curl_easy; - let mut conn: *mut connectdata = (*data).conn; - let mut err: PRErrorCode = PR_GetError(); - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - /* remember the cert verification result */ - (*data).set.ssl.certverifyresult = err as i64; - if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 - && ((*conn).ssl_config).verifyhost() == 0 - { - /* we are asked not to verify the host name */ - return SECSuccess; - } - /* print only info about the cert, the error is printed off the callback */ - cert = SSL_PeerCertificate(sock); - if !cert.is_null() { - Curl_infof(data, b"Server certificate:\0" as *const u8 as *const libc::c_char); - display_cert_info(data, cert); - CERT_DestroyCertificate(cert); - } - return SECFailure; - } - } - /** - * - * Check that the Peer certificate's issuer certificate matches the one found - * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the - * issuer check, so we provide comments that mimic the OpenSSL - * X509_check_issued function (in x509v3/v3_purp.c) - */ - extern "C" fn check_issuer_cert( - mut sock: *mut PRFileDesc, - mut issuer_nickname: *mut libc::c_char, - ) -> SECStatus { - unsafe{ - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut cert_issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; - let mut res: SECStatus = SECSuccess; - let mut proto_win: *mut libc::c_void = 0 as *mut libc::c_void; - cert = SSL_PeerCertificate(sock); - cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner); - proto_win = SSL_RevealPinArg(sock); - issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win); - if cert_issuer.is_null() || issuer.is_null() { - res = SECFailure; - } else if SECITEM_CompareItem(&mut (*cert_issuer).derCert, &mut (*issuer).derCert) - as i32 - != SECEqual as i32 - { - res = SECFailure; - } - CERT_DestroyCertificate(cert); - CERT_DestroyCertificate(issuer); - CERT_DestroyCertificate(cert_issuer); - return res; - } - } - extern "C" fn cmp_peer_pubkey( - mut connssl: *mut ssl_connect_data, - mut pinnedpubkey: *const libc::c_char, - ) -> CURLcode { - unsafe{ - let mut result: CURLcode = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut data: *mut Curl_easy = (*backend).data; - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - if pinnedpubkey.is_null() { - return CURLE_OK; - } - cert = SSL_PeerCertificate((*backend).nss_handle); - if !cert.is_null() { - /* no pinned public key specified */ - let mut pubkey: *mut SECKEYPublicKey = CERT_ExtractPublicKey(cert); - if !pubkey.is_null() { - let mut cert_der: *mut SECItem = PK11_DEREncodePublicKey(pubkey); - if !cert_der.is_null() { - result = Curl_pin_peer_pubkey( - data, - pinnedpubkey, - (*cert_der).data, - (*cert_der).len as size_t, - ); - SECITEM_FreeItem(cert_der, 1 as i32); - } - SECKEY_DestroyPublicKey(pubkey); - } - CERT_DestroyCertificate(cert); - } - match result as u32 { - 0 => { - Curl_infof( - data, - b"pinned public key verified successfully!\0" as *const u8 as *const libc::c_char, - ); - } - 90 => { - Curl_failf( - data, - b"failed to verify pinned public key\0" as *const u8 as *const libc::c_char, - ); - } - _ => {} - } - return result; - } - } - - - /** - * - * Callback to pick the SSL client certificate. - */ - extern "C" fn SelectClientCert( - mut arg: *mut libc::c_void, - mut sock: *mut PRFileDesc, - mut caNames: *mut CERTDistNamesStr, - mut pRetCert: *mut *mut CERTCertificateStr, - mut pRetKey: *mut *mut SECKEYPrivateKeyStr, - ) -> SECStatus { - unsafe{ - let mut connssl: *mut ssl_connect_data = arg as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut data: *mut Curl_easy = (*backend).data; - let mut nickname: *const libc::c_char = (*backend).client_nickname; - static mut pem_slotname: [libc::c_char; 13] = - unsafe { *::std::mem::transmute::<&[u8; 13], &[libc::c_char; 13]>(b"PEM Token #1\0") }; - if !((*backend).obj_clicert).is_null() { - /* use the cert/key provided by PEM reader */ - let mut cert_der: SECItem = { - let mut init = SECItemStr { - type_0: siBuffer, - data: 0 as *mut u8, - len: 0 as u32, - }; - init - }; - let mut proto_win: *mut libc::c_void = SSL_RevealPinArg(sock); - let mut cert: *mut CERTCertificateStr = 0 as *mut CERTCertificateStr; - let mut key: *mut SECKEYPrivateKeyStr = 0 as *mut SECKEYPrivateKeyStr; - let mut slot: *mut PK11SlotInfo = nss_find_slot_by_name(pem_slotname.as_ptr()); - if slot.is_null() { - Curl_failf( - data, - b"NSS: PK11 slot not found: %s\0" as *const u8 as *const libc::c_char, - pem_slotname.as_ptr(), - ); - return SECFailure; - } - if PK11_ReadRawAttribute( - PK11_TypeGeneric, - (*backend).obj_clicert as *mut libc::c_void, - 0x11 as CK_ATTRIBUTE_TYPE, - &mut cert_der, - ) as i32 - != SECSuccess as i32 - { - Curl_failf( - data, - b"NSS: CKA_VALUE not found in PK11 generic object\0" as *const u8 - as *const libc::c_char, - ); - PK11_FreeSlot(slot); - return SECFailure; - } - cert = PK11_FindCertFromDERCertItem(slot, &mut cert_der, proto_win); - SECITEM_FreeItem(&mut cert_der, 0 as i32); - if cert.is_null() { - /* extract public key from peer certificate */ - Curl_failf( - data, - b"NSS: client certificate from file not found\0" as *const u8 - as *const libc::c_char, - ); - PK11_FreeSlot(slot); - return SECFailure; - } - key = PK11_FindPrivateKeyFromCert(slot, cert, 0 as *mut libc::c_void); - PK11_FreeSlot(slot); - if key.is_null() { - Curl_failf( - data, - b"NSS: private key from file not found\0" as *const u8 as *const libc::c_char, - ); - CERT_DestroyCertificate(cert); - return SECFailure; - } - Curl_infof( - data, - b"NSS: client certificate from file\0" as *const u8 as *const libc::c_char, - ); - display_cert_info(data, cert); - *pRetCert = cert; - *pRetKey = key; - return SECSuccess; - } - - /* use the default NSS hook */ - if SECSuccess as i32 - != NSS_GetClientAuthData( - nickname as *mut libc::c_void, - sock, - caNames, - pRetCert, - pRetKey, - ) as i32 - || (*pRetCert).is_null() - { - if nickname.is_null() { - Curl_failf( - data, - b"NSS: client certificate not found (nickname not specified)\0" as *const u8 - as *const libc::c_char, - ); - } else { - Curl_failf( - data, - b"NSS: client certificate not found: %s\0" as *const u8 as *const libc::c_char, - nickname, - ); - } - return SECFailure; - } - - /* get certificate nickname if any */ - nickname = (**pRetCert).nickname; - if nickname.is_null() { - nickname = b"[unknown]\0" as *const u8 as *const libc::c_char; - } - if strncmp( - nickname, - pem_slotname.as_ptr(), - (::std::mem::size_of::<[libc::c_char; 13]>() as u64) - .wrapping_sub(1 as u64), - ) == 0 - { - Curl_failf( - data, - b"NSS: refusing previously loaded certificate from file: %s\0" as *const u8 - as *const libc::c_char, - nickname, - ); - return SECFailure; - } - if (*pRetKey).is_null() { - Curl_failf( - data, - b"NSS: private key not found for certificate: %s\0" as *const u8 as *const libc::c_char, - nickname, - ); - return SECFailure; - } - Curl_infof( - data, - b"NSS: using client certificate: %s\0" as *const u8 as *const libc::c_char, - nickname, - ); - display_cert_info(data, *pRetCert); - return SECSuccess; - } - } - - /* update blocking direction in case of PR_WOULD_BLOCK_ERROR */ - extern "C" fn nss_update_connecting_state( - mut state: ssl_connect_state, - mut secret: *mut libc::c_void, - ) { - unsafe{ - let mut connssl: *mut ssl_connect_data = secret as *mut ssl_connect_data; - if PR_GetError() as i64 != -(5998 as i64) { - /* an unrelated error is passing by */ - return; - } - match (*connssl).connecting_state as u32 { - 1 | 2 | 3 => {} - _ => return, - } - /* we are not called from an SSL handshake */ - (*connssl).connecting_state = state; - } - } - - /* recv() wrapper we use to detect blocking direction during SSL handshake */ - extern "C" fn nspr_io_recv( - mut fd: *mut PRFileDesc, - mut buf: *mut libc::c_void, - mut amount: PRInt32, - mut flags: PRIntn, - mut timeout: PRIntervalTime, - ) -> PRInt32 { - unsafe{ - let recv_fn: PRRecvFN = (*(*(*fd).lower).methods).recv; - let rv: PRInt32 = - recv_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout); - if rv < 0 as i32 { - /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ - nss_update_connecting_state(ssl_connect_2_reading, (*fd).secret as *mut libc::c_void); - } - return rv; - } - } - - /* send() wrapper we use to detect blocking direction during SSL handshake */ - extern "C" fn nspr_io_send( - mut fd: *mut PRFileDesc, - mut buf: *const libc::c_void, - mut amount: PRInt32, - mut flags: PRIntn, - mut timeout: PRIntervalTime, - ) -> PRInt32 { - unsafe{ - let send_fn: PRSendFN = (*(*(*fd).lower).methods).send; - let rv: PRInt32 = - send_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout); - if rv < 0 as i32 { - /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ - nss_update_connecting_state(ssl_connect_2_writing, (*fd).secret as *mut libc::c_void); - } - return rv; - } - } - /* close() wrapper to avoid assertion failure due to fd->secret != NULL */ - extern "C" fn nspr_io_close(mut fd: *mut PRFileDesc) -> PRStatus { - unsafe{ - let close_fn: PRCloseFN = (*PR_GetDefaultIOMethods()).close; - (*fd).secret = 0 as *mut PRFilePrivate; - return close_fn.expect("non-null function pointer")(fd); - } - } - - /* load a PKCS #11 module */ - extern "C" fn nss_load_module( - mut pmod: *mut *mut SECMODModule, - mut library: *const libc::c_char, - mut name: *const libc::c_char, - ) -> CURLcode { - unsafe{ - let mut config_string: *mut libc::c_char = 0 as *mut libc::c_char; - let mut module: *mut SECMODModule = *pmod; - if !module.is_null() { - /* already loaded */ - return CURLE_OK; - } - config_string = curl_maprintf( - b"library=%s name=%s\0" as *const u8 as *const libc::c_char, - library, - name, - ); - if config_string.is_null() { - return CURLE_OUT_OF_MEMORY; - } - module = SECMOD_LoadUserModule(config_string, 0 as *mut SECMODModule, 0 as i32); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(config_string as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - config_string as *mut libc::c_void, - 1311 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - if !module.is_null() && (*module).loaded != 0 { - /* loaded successfully */ - *pmod = module; - return CURLE_OK; - } - if !module.is_null() { - SECMOD_DestroyModule(module); - } - return CURLE_FAILED_INIT; - } - } - - - /* unload a PKCS #11 module */ - extern "C" fn nss_unload_module(mut pmod: *mut *mut SECMODModule) { - unsafe{ - let mut module: *mut SECMODModule = *pmod; - if module.is_null() { - /* not loaded */ - return; - } - if SECMOD_UnloadUserModule(module) as i32 != SECSuccess as i32 { - /* unload failed */ - return; - } - SECMOD_DestroyModule(module); - *pmod = 0 as *mut SECMODModule; - } - } - - /* data might be NULL */ - extern "C" fn nss_init_core( - mut data: *mut Curl_easy, - mut cert_dir: *const libc::c_char, - ) -> CURLcode { - unsafe{ - let mut initparams: NSSInitParameters = NSSInitParameters { - length: 0, - passwordRequired: 0, - minPWLen: 0, - manufactureID: 0 as *mut libc::c_char, - libraryDescription: 0 as *mut libc::c_char, - cryptoTokenDescription: 0 as *mut libc::c_char, - dbTokenDescription: 0 as *mut libc::c_char, - FIPSTokenDescription: 0 as *mut libc::c_char, - cryptoSlotDescription: 0 as *mut libc::c_char, - dbSlotDescription: 0 as *mut libc::c_char, - FIPSSlotDescription: 0 as *mut libc::c_char, - }; - let mut err: PRErrorCode = 0; - let mut err_name: *const libc::c_char = 0 as *const libc::c_char; - if !nss_context.is_null() { - return CURLE_OK; - } - memset( - &mut initparams as *mut NSSInitParameters as *mut libc::c_void, - '\u{0}' as i32, - ::std::mem::size_of::() as u64, - ); - initparams.length = ::std::mem::size_of::() as u32; - if !cert_dir.is_null() { - let mut certpath: *mut libc::c_char = - curl_maprintf(b"sql:%s\0" as *const u8 as *const libc::c_char, cert_dir); - if certpath.is_null() { - return CURLE_OUT_OF_MEMORY; - } - Curl_infof( - data, - b"Initializing NSS with certpath: %s\0" as *const u8 as *const libc::c_char, - certpath, - ); - nss_context = NSS_InitContext( - certpath, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - &mut initparams, - (0x1 as i32 | 0x80 as i32) as PRUint32, - ); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(certpath as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - certpath as *mut libc::c_void, - 1361 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - if !nss_context.is_null() { - return CURLE_OK; - } - err = PR_GetError(); - err_name = nss_error_to_name(err); - Curl_infof( - data, - b"Unable to initialize NSS database: %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - ); - } - Curl_infof( - data, - b"Initializing NSS with certpath: none\0" as *const u8 as *const libc::c_char, - ); - nss_context = NSS_InitContext( - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - &mut initparams, - (0x1 as i32 - | 0x2 as i32 - | 0x4 as i32 - | 0x8 as i32 - | 0x10 as i32 - | 0x20 as i32 - | 0x80 as i32) as PRUint32, - ); - if !nss_context.is_null() { - return CURLE_OK; - } - err = PR_GetError(); - err_name = nss_error_to_name(err); - Curl_failf( - data, - b"Unable to initialize NSS: %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - ); - return CURLE_SSL_CACERT_BADFILE; - } - } - - - /* data might be NULL */ - extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { - unsafe{ - let mut cert_dir: *mut libc::c_char = 0 as *mut libc::c_char; - let mut st: stat = stat { - st_dev: 0, - st_ino: 0, - st_nlink: 0, - st_mode: 0, - st_uid: 0, - st_gid: 0, - __pad0: 0, - st_rdev: 0, - st_size: 0, - st_blksize: 0, - st_blocks: 0, - st_atim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_mtim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_ctim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - __glibc_reserved: [0; 3], - }; - let mut result: CURLcode = CURLE_OK; - if initialized != 0 { - return CURLE_OK; - } - /* list of all CRL items we need to destroy in nss_cleanup() */ - Curl_llist_init( - &mut nss_crl_list, - Some( - nss_destroy_crl_item - as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), - ), - ); - /* First we check if $SSL_DIR points to a valid dir */ - cert_dir = getenv(b"SSL_DIR\0" as *const u8 as *const libc::c_char); - if !cert_dir.is_null() { - if stat(cert_dir, &mut st) != 0 as i32 - || !(st.st_mode & 0o170000 as u32 - == 0o40000 as u32) - { - cert_dir = 0 as *mut libc::c_char; - } - } - - /* Now we check if the default location is a valid dir */ - if cert_dir.is_null() { - /* allocate an identity for our own NSPR I/O layer */ - if stat( - b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char, - &mut st, - ) == 0 as i32 - && st.st_mode & 0o170000 as u32 - == 0o40000 as u32 - { - cert_dir = b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char as *mut libc::c_char; - } - } - if nspr_io_identity == -(1 as i32) { - nspr_io_identity = PR_GetUniqueIdentity(b"libcurl\0" as *const u8 as *const libc::c_char); - if nspr_io_identity == -(1 as i32) { - return CURLE_OUT_OF_MEMORY; - } - /* the default methods just call down to the lower I/O layer */ - memcpy( - &mut nspr_io_methods as *mut PRIOMethods as *mut libc::c_void, - PR_GetDefaultIOMethods() as *const libc::c_void, - ::std::mem::size_of::() as u64, - ); - /* override certain methods in the table by our wrappers */ - nspr_io_methods.recv = Some( - nspr_io_recv - as unsafe extern "C" fn( - *mut PRFileDesc, - *mut libc::c_void, - PRInt32, - PRIntn, - PRIntervalTime, - ) -> PRInt32, - ); - nspr_io_methods.send = Some( - nspr_io_send - as unsafe extern "C" fn( - *mut PRFileDesc, - *const libc::c_void, - PRInt32, - PRIntn, - PRIntervalTime, - ) -> PRInt32, - ); - nspr_io_methods.close = - Some(nspr_io_close as unsafe extern "C" fn(*mut PRFileDesc) -> PRStatus); - } - result = nss_init_core(data, cert_dir); - if result as u64 != 0 { - return result; - } - if !any_cipher_enabled() { - NSS_SetDomesticPolicy(); - } - ::std::ptr::write_volatile(&mut initialized as *mut i32, 1 as i32); - return CURLE_OK; - } - } - /** - * Global SSL init - * - * @retval 0 error initializing SSL - * @retval 1 SSL initialized successfully - */ - - extern "C" fn nss_init() -> i32 { - unsafe{ - /* curl_global_init() is not thread-safe so this test is ok */ - if nss_initlock.is_null() { - PR_Init( - PR_USER_THREAD, - PR_PRIORITY_NORMAL, - 0 as PRUintn, - ); - nss_initlock = PR_NewLock(); - nss_crllock = PR_NewLock(); - nss_findslot_lock = PR_NewLock(); - nss_trustload_lock = PR_NewLock(); - } - /* We will actually initialize NSS later */ - return 1 as i32; - } - } - #[no_mangle] - /* data might be NULL */ - pub extern "C" fn Curl_nss_force_init(mut data: *mut Curl_easy) -> CURLcode { - unsafe{ - let mut result: CURLcode = CURLE_OK; - if nss_initlock.is_null() { - if !data.is_null() { - Curl_failf( + } + #[cfg(not(CURLDEBUG))] + return unsafe { Curl_cstrdup.expect("non-null function pointer")(str) }; + #[cfg(CURLDEBUG)] + return unsafe { + curl_dbg_strdup( + str, + 437 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ) + }; + } + return 0 as *mut libc::c_char; +} +/* we'll use the PEM reader to read the certificate from file */ + +/* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition + * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more + * details, go to . + */ +extern "C" fn nss_find_slot_by_name(mut slot_name: *const libc::c_char) -> *mut PK11SlotInfo { + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + unsafe { + PR_Lock(nss_findslot_lock); + slot = PK11_FindSlotByName(slot_name); + PR_Unlock(nss_findslot_lock); + } + return slot; +} + +/* wrap 'ptr' as list node and tail-insert into 'list' */ +extern "C" fn insert_wrapped_ptr( + mut list: *mut Curl_llist, + mut ptr: *mut libc::c_void, +) -> CURLcode { + #[cfg(not(CURLDEBUG))] + let mut wrap: *mut ptr_list_wrap = unsafe { + Curl_cmalloc.expect("non-null function pointer")( + ::std::mem::size_of::() as u64 + ) as *mut ptr_list_wrap + }; + #[cfg(CURLDEBUG)] + let mut wrap: *mut ptr_list_wrap = unsafe { + curl_dbg_malloc( + ::std::mem::size_of::() as libc::c_ulong, + 460 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ) as *mut ptr_list_wrap + }; + if wrap.is_null() { + return CURLE_OUT_OF_MEMORY; + } + unsafe { + (*wrap).ptr = ptr; + Curl_llist_insert_next( + list, + (*list).tail, + wrap as *const libc::c_void, + &mut (*wrap).node, + ); + } + return CURLE_OK; +} +/* Call PK11_CreateGenericObject() with the given obj_class and filename. If + * the call succeeds, append the object handle to the list of objects so that + * the object can be destroyed in nss_close(). */ +extern "C" fn nss_create_object( + mut connssl: *mut ssl_connect_data, + mut obj_class: CK_OBJECT_CLASS, + mut filename: *const libc::c_char, + mut cacert: bool, +) -> CURLcode { + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + let mut obj: *mut PK11GenericObject = 0 as *mut PK11GenericObject; + let mut cktrue: CK_BBOOL = 1 as i32 as CK_BBOOL; + let mut ckfalse: CK_BBOOL = 0 as i32 as CK_BBOOL; + let mut attrs: [CK_ATTRIBUTE; 4] = [CK_ATTRIBUTE { + type_0: 0, + pValue: 0 as *mut libc::c_void, + ulValueLen: 0, + }; 4]; + let mut attr_cnt: i32 = 0 as i32; + let mut result: CURLcode = (if cacert as i32 != 0 { + CURLE_SSL_CACERT_BADFILE as i32 + } else { + CURLE_SSL_CERTPROBLEM as i32 + }) as CURLcode; + let slot_id: i32 = if cacert as i32 != 0 { + 0 as i32 + } else { + 1 as i32 + }; + let mut slot_name: *mut libc::c_char = unsafe { + curl_maprintf( + b"PEM Token #%d\0" as *const u8 as *const libc::c_char, + slot_id, + ) + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + if slot_name.is_null() { + return CURLE_OUT_OF_MEMORY; + } + slot = nss_find_slot_by_name(slot_name); + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(slot_name as *mut libc::c_void); + } + + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + slot_name as *mut libc::c_void, + 493 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + if slot.is_null() { + return result; + } + attr_cnt = attr_cnt + 1; + let mut ptr: *mut CK_ATTRIBUTE = unsafe { attrs.as_mut_ptr().offset(attr_cnt as isize) }; + unsafe { + (*ptr).type_0 = 0 as CK_ATTRIBUTE_TYPE; + (*ptr).pValue = &mut obj_class as *mut CK_OBJECT_CLASS as CK_VOID_PTR; + (*ptr).ulValueLen = ::std::mem::size_of::() as u64; + } + attr_cnt = attr_cnt + 1; + let mut ptr_0: *mut CK_ATTRIBUTE = unsafe { attrs.as_mut_ptr().offset(attr_cnt as isize) }; + unsafe { + (*ptr_0).type_0 = 0x1 as CK_ATTRIBUTE_TYPE; + (*ptr_0).pValue = &mut cktrue as *mut CK_BBOOL as CK_VOID_PTR; + (*ptr_0).ulValueLen = ::std::mem::size_of::() as u64; + } + attr_cnt = attr_cnt + 1; + let mut ptr_1: *mut CK_ATTRIBUTE = unsafe { attrs.as_mut_ptr().offset(attr_cnt as isize) }; + unsafe { + (*ptr_1).type_0 = 0x3 as CK_ATTRIBUTE_TYPE; + (*ptr_1).pValue = filename as *mut u8 as CK_VOID_PTR; + (*ptr_1).ulValueLen = (strlen(filename)).wrapping_add(1 as u64); + } + if 0x1 as u64 == obj_class { + let mut pval: *mut CK_BBOOL = if cacert as i32 != 0 { + &mut cktrue + } else { + &mut ckfalse + }; + attr_cnt = attr_cnt + 1; + let mut ptr_2: *mut CK_ATTRIBUTE = unsafe { attrs.as_mut_ptr().offset(attr_cnt as isize) }; + unsafe { + (*ptr_2).type_0 = (0x80000000 as u32 | 0x4e534350 as u32).wrapping_add(0x2000 as u32) + as CK_ATTRIBUTE_TYPE; + (*ptr_2).pValue = pval as CK_VOID_PTR; + (*ptr_2).ulValueLen = ::std::mem::size_of::() as u64; + } + } + // done - 511 + if cfg!(HAVE_PK11_CREATEMANAGEDGENERICOBJECT) { + obj = unsafe { + PK11_CreateManagedGenericObject(slot, attrs.as_mut_ptr(), attr_cnt, 0 as i32) + }; + } + unsafe { + PK11_FreeSlot(slot); + } + if obj.is_null() { + return result; + } + if unsafe { insert_wrapped_ptr(&mut (*backend).obj_list, obj as *mut libc::c_void) as u32 } + != CURLE_OK as u32 + { + unsafe { + PK11_DestroyGenericObject(obj); + } + return CURLE_OUT_OF_MEMORY; + } + if !cacert && 0x1 as u64 == obj_class { + /* store reference to a client certificate */ + unsafe { + (*backend).obj_clicert = obj; + } + } + /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + * PK11_DestroyGenericObject() does not release resources allocated by + * PK11_CreateGenericObject() early enough. */ + return CURLE_OK; +} + +/* Destroy the NSS object whose handle is given by ptr. This function is + * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy + * NSS objects in nss_close() */ +extern "C" fn nss_destroy_object(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { + let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; + let mut obj: *mut PK11GenericObject = unsafe { (*wrap).ptr as *mut PK11GenericObject }; + unsafe { + PK11_DestroyGenericObject(obj); + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); + } + + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + wrap as *mut libc::c_void, + 543 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } +} + +/* same as nss_destroy_object() but for CRL items */ +extern "C" fn nss_destroy_crl_item(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { + let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; + let mut crl_der: *mut SECItem = unsafe { (*wrap).ptr as *mut SECItem }; + unsafe { + SECITEM_FreeItem(crl_der, 1 as i32); + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); + } + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + wrap as *mut libc::c_void, + 553 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } +} + +extern "C" fn nss_load_cert( + mut ssl: *mut ssl_connect_data, + mut filename: *const libc::c_char, + mut cacert: PRBool, +) -> CURLcode { + /* libnsspem.so leaks memory if the requested file does not exist. For more + * details, go to . */ + let mut result: CURLcode = (if cacert != 0 { + CURLE_SSL_CACERT_BADFILE as i32 + } else { + CURLE_SSL_CERTPROBLEM as i32 + }) as CURLcode; + if is_file(filename) != 0 { + /* we have successfully loaded a client certificate */ + result = nss_create_object(ssl, 0x1 as CK_OBJECT_CLASS, filename, cacert != 0); + } + if result as u64 == 0 && cacert == 0 { + let mut nickname: *mut libc::c_char = 0 as *mut libc::c_char; + let mut n: *mut libc::c_char = unsafe { strrchr(filename, '/' as i32) }; + if !n.is_null() { + n = unsafe { n.offset(1) }; + } + /* The following undocumented magic helps to avoid a SIGSEGV on call + * of PK11_ReadRawAttribute() from SelectClientCert() when using an + * immature version of libnsspem.so. For more details, go to + * . */ + nickname = + unsafe { curl_maprintf(b"PEM Token #1:%s\0" as *const u8 as *const libc::c_char, n) }; + if !nickname.is_null() { + let mut cert: *mut CERTCertificate = + unsafe { PK11_FindCertFromNickname(nickname, 0 as *mut libc::c_void) }; + if !cert.is_null() { + unsafe { CERT_DestroyCertificate(cert) }; + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(nickname as *mut libc::c_void); + } + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + nickname as *mut libc::c_void, + 585 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + } + } + return result; +} + +/* add given CRL to cache if it is not already there */ +extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { + let mut db: *mut CERTCertDBHandle = unsafe { CERT_GetDefaultCertDB() }; + let mut crl: *mut CERTSignedCrl = unsafe { SEC_FindCrlByDERCert(db, crl_der, 0 as i32) }; + if !crl.is_null() { + /* CRL already cached */ + unsafe { + SEC_DestroyCrl(crl); + SECITEM_FreeItem(crl_der, 1 as i32); + } + return CURLE_OK; + } + + /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */ + unsafe { + PR_Lock(nss_crllock); + } + if SECSuccess as i32 != unsafe { CERT_CacheCRL(db, crl_der) as i32 } { + /* unable to cache CRL */ + unsafe { + SECITEM_FreeItem(crl_der, 1 as i32); + PR_Unlock(nss_crllock); + } + return CURLE_SSL_CRL_BADFILE; + } + /* store the CRL item so that we can free it in nss_cleanup() */ + if unsafe { + insert_wrapped_ptr(&mut nss_crl_list, crl_der as *mut libc::c_void) as u32 + != CURLE_OK as u32 + } { + if SECSuccess as i32 == unsafe { CERT_UncacheCRL(db, crl_der) as i32 } { + unsafe { + SECITEM_FreeItem(crl_der, 1 as i32); + } + } + unsafe { + PR_Unlock(nss_crllock); + } + return CURLE_OUT_OF_MEMORY; + } + /* we need to clear session cache, so that the CRL could take effect */ + unsafe { + SSL_ClearSessionCache(); + PR_Unlock(nss_crllock); + } + return CURLE_OK; +} + +// unsafe extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { +// let mut current_block: u64; +// let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; +// let mut info: PRFileInfo = PRFileInfo { +// type_0: 0 as PRFileType, +// size: 0, +// creationTime: 0, +// modifyTime: 0, +// }; +// let mut filedata: SECItem = { +// let mut init = SECItemStr { +// type_0: siBuffer, +// data: 0 as *mut u8, +// len: 0 as i32 as u32, +// }; +// init +// }; +// let mut crl_der: *mut SECItem = 0 as *mut SECItem; +// let mut body: *mut libc::c_char = 0 as *mut libc::c_char; +// infile = PR_Open(crlfilename, 0x1 as i32, 0 as i32); +// if infile.is_null() { +// return CURLE_SSL_CRL_BADFILE; +// } +// if !(PR_SUCCESS as i32 +// != PR_GetOpenFileInfo(infile, &mut info) as i32) +// { +// if !(SECITEM_AllocItem( +// 0 as *mut PLArenaPool, +// &mut filedata, +// (info.size + 1 as i32) as u32, +// )) +// .is_null() +// { +// if !(info.size +// != PR_Read(infile, filedata.data as *mut libc::c_void, info.size)) +// { +// crl_der = SECITEM_AllocItem( +// 0 as *mut PLArenaPool, +// 0 as *mut SECItem, +// 0 as u32, +// ); +// if !crl_der.is_null() { +// body = filedata.data as *mut libc::c_char; +// filedata.len = (filedata.len).wrapping_sub(1); +// *body.offset(filedata.len as isize) = '\u{0}' as i32 as libc::c_char; +// body = strstr( +// body, +// b"-----BEGIN\0" as *const u8 as *const libc::c_char, +// ); +// if !body.is_null() { +// let mut trailer: *mut libc::c_char = 0 as *mut libc::c_char; +// let mut begin: *mut libc::c_char = strchr(body, '\n' as i32); +// if begin.is_null() { +// begin = strchr(body, '\r' as i32); +// } +// if begin.is_null() { +// current_block = 8725644592553896754; +// } else { +// begin = begin.offset(1); +// trailer = strstr( +// begin, +// b"-----END\0" as *const u8 as *const libc::c_char, +// ); +// if trailer.is_null() { +// current_block = 8725644592553896754; +// } else { +// *trailer = '\u{0}' as i32 as libc::c_char; +// if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { +// current_block = 8725644592553896754; +// } else { +// SECITEM_FreeItem(&mut filedata, 0 as i32); +// current_block = 17478428563724192186; +// } +// } +// } +// } else { +// *crl_der = filedata; +// current_block = 17478428563724192186; +// } +// match current_block { +// 8725644592553896754 => {} +// _ => { +// PR_Close(infile); +// return nss_cache_crl(crl_der); +// } +// } +// } +// } +// } +// } +// PR_Close(infile); +// SECITEM_FreeItem(crl_der, 1 as i32); +// SECITEM_FreeItem(&mut filedata, 0 as i32); +// return CURLE_SSL_CRL_BADFILE; +// } +extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { + let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; + let mut info: PRFileInfo = PRFileInfo { + type_0: 0 as PRFileType, + size: 0, + creationTime: 0, + modifyTime: 0, + }; + let mut filedata: SECItem = { + let mut init = SECItemStr { + type_0: siBuffer, + data: 0 as *mut u8, + len: 0 as i32 as u32, + }; + init + }; + let mut crl_der: *mut SECItem = 0 as *mut SECItem; + let mut body: *mut libc::c_char = 0 as *mut libc::c_char; + infile = unsafe { PR_Open(crlfilename, 0x1 as i32, 0 as i32) }; + if infile.is_null() { + return CURLE_SSL_CRL_BADFILE; + } + // 创建一个循环 + 'fail: loop { + if PR_SUCCESS as i32 != unsafe { PR_GetOpenFileInfo(infile, &mut info) as i32 } { + break 'fail; + } + if unsafe { + (SECITEM_AllocItem( + 0 as *mut PLArenaPool, + &mut filedata, + (info.size + 1 as i32) as u32, + )) + .is_null() + } { + break 'fail; + } + if info.size != unsafe { PR_Read(infile, filedata.data as *mut libc::c_void, info.size) } { + break 'fail; + } + crl_der = unsafe { SECITEM_AllocItem(0 as *mut PLArenaPool, 0 as *mut SECItem, 0 as u32) }; + if crl_der.is_null() { + break 'fail; + } + /* place a trailing zero right after the visible data */ + body = filedata.data as *mut libc::c_char; + filedata.len = (filedata.len).wrapping_sub(1); + unsafe { + *body.offset(filedata.len as isize) = '\u{0}' as i32 as libc::c_char; + body = strstr(body, b"-----BEGIN\0" as *const u8 as *const libc::c_char); + } + if !body.is_null() { + /* assume ASCII */ + let mut trailer: *mut libc::c_char = 0 as *mut libc::c_char; + let mut begin: *mut libc::c_char = unsafe { strchr(body, '\n' as i32) }; + if begin.is_null() { + begin = unsafe { strchr(body, '\r' as i32) }; + } + if begin.is_null() { + break 'fail; + } + begin = unsafe { begin.offset(1) }; + trailer = unsafe { strstr(begin, b"-----END\0" as *const u8 as *const libc::c_char) }; + if trailer.is_null() { + break 'fail; + } + /* retrieve DER from ASCII */ + unsafe { + *trailer = '\u{0}' as libc::c_char; + if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { + break 'fail; + } + SECITEM_FreeItem(&mut filedata, 0 as i32); + } + } else { + /* assume DER */ + unsafe { + *crl_der = filedata; + } + } + unsafe { + PR_Close(infile); + } + // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + return nss_cache_crl(crl_der); + break 'fail; + } + unsafe { + PR_Close(infile); + SECITEM_FreeItem(crl_der, 1 as i32); + SECITEM_FreeItem(&mut filedata, 0 as i32); + } + return CURLE_SSL_CRL_BADFILE; +} + +extern "C" fn nss_load_key( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, + mut key_file: *mut libc::c_char, +) -> CURLcode { + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + let mut tmp: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + let mut status: SECStatus = SECSuccess; + let mut result: CURLcode = CURLE_OK; + let mut ssl: *mut ssl_connect_data = unsafe { ((*conn).ssl).as_mut_ptr() }; + result = nss_create_object(ssl, 0x3 as CK_OBJECT_CLASS, key_file, 0 as i32 != 0); + if result as u64 != 0 { + unsafe { + PR_SetError(SEC_ERROR_BAD_KEY as i32, 0 as i32); + } + return result; + } + slot = nss_find_slot_by_name(b"PEM Token #1\0" as *const u8 as *const libc::c_char); + if slot.is_null() { + return CURLE_SSL_CERTPROBLEM; + } + /* This will force the token to be seen as re-inserted */ + tmp = unsafe { SECMOD_WaitForAnyTokenEvent(pem_module, 0 as u64, 0 as PRIntervalTime) }; + if !tmp.is_null() { + unsafe { + PK11_FreeSlot(tmp); + } + } + if unsafe { PK11_IsPresent(slot) == 0 } { + unsafe { + PK11_FreeSlot(slot); + } + return CURLE_SSL_CERTPROBLEM; + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_key_passwd = unsafe { + PK11_Authenticate( + slot, + 1 as i32, + (if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + (*data).set.proxy_ssl.key_passwd + } else { + (*data).set.ssl.key_passwd + }) as *mut libc::c_void, + ) + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_key_passwd = unsafe { + PK11_Authenticate( + slot, + 1 as i32, + (*data).set.ssl.key_passwd as *mut libc::c_void, + ) + }; + + status = SSL_SET_OPTION_key_passwd; + unsafe { + PK11_FreeSlot(slot); + } + return (if SECSuccess as i32 == status as i32 { + CURLE_OK as i32 + } else { + CURLE_SSL_CERTPROBLEM as i32 + }) as CURLcode; +} + +extern "C" fn display_error( + mut data: *mut Curl_easy, + mut err: PRInt32, + mut filename: *const libc::c_char, +) -> i32 { + match err { + -8177 => { + unsafe { + Curl_failf( + data, + b"Unable to load client key: Incorrect password\0" as *const u8 + as *const libc::c_char, + ); + } + return 1 as i32; + } + -8077 => { + unsafe { + Curl_failf( + data, + b"Unable to load certificate %s\0" as *const u8 as *const libc::c_char, + filename, + ); + } + return 1 as i32; + } + _ => {} + } + return 0 as i32; /* The caller will print a generic error */ +} + +extern "C" fn cert_stuff( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, + mut cert_file: *mut libc::c_char, + mut key_file: *mut libc::c_char, +) -> CURLcode { + let mut result: CURLcode = CURLE_OK; + if !cert_file.is_null() { + result = unsafe { + nss_load_cert( + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), + cert_file, + 0 as i32, + ) + }; + if result as u64 != 0 { + let err: PRErrorCode = unsafe { PR_GetError() }; + if display_error(data, err, cert_file) == 0 { + let mut err_name: *const libc::c_char = nss_error_to_name(err); + unsafe { + Curl_failf( + data, + b"unable to load client cert: %d (%s)\0" as *const u8 + as *const libc::c_char, + err, + err_name, + ); + } + } + return result; + } + } + if !key_file.is_null() || is_file(cert_file) != 0 { + if !key_file.is_null() { + result = nss_load_key(data, conn, sockindex, key_file); + } else { + /* In case the cert file also has the key */ + result = nss_load_key(data, conn, sockindex, cert_file); + } + if result as u64 != 0 { + let err_0: PRErrorCode = unsafe { PR_GetError() }; + if display_error(data, err_0, key_file) == 0 { + let mut err_name_0: *const libc::c_char = nss_error_to_name(err_0); + unsafe { + Curl_failf( + data, + b"unable to load client key: %d (%s)\0" as *const u8 as *const libc::c_char, + err_0, + err_name_0, + ); + } + } + return result; + } + } + return CURLE_OK; +} + +extern "C" fn nss_get_password( + mut slot: *mut PK11SlotInfo, /* unused */ + mut retry: PRBool, + mut arg: *mut libc::c_void, +) -> *mut libc::c_char { + if retry != 0 || arg.is_null() { + return 0 as *mut libc::c_char; + } else { + return unsafe { PORT_Strdup(arg as *mut libc::c_char) }; + }; +} + +/* bypass the default SSL_AuthCertificate() hook in case we do not want to + * verify peer */ +extern "C" fn nss_auth_cert_hook( + mut arg: *mut libc::c_void, + mut fd: *mut PRFileDesc, + mut checksig: PRBool, + mut isServer: PRBool, +) -> SECStatus { + let mut data: *mut Curl_easy = arg as *mut Curl_easy; + let mut conn: *mut connectdata = unsafe { (*data).conn }; + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifystatus = unsafe { + if CURLPROXY_HTTPS as i32 as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as i32 as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + ((*conn).proxy_ssl_config).verifystatus() as i32 + } else { + ((*conn).ssl_config).verifystatus() as i32 + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_verifystatus = unsafe { ((*conn).ssl_config).verifystatus() }; + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifypeer = unsafe { + if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + ((*conn).proxy_ssl_config).verifypeer() as i32 + } else { + ((*conn).ssl_config).verifypeer() as i32 + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_verifypeer = unsafe { ((*conn).ssl_config).verifypeer() }; + #[cfg(SSL_ENABLE_OCSP_STAPLING)] + if SSL_CONN_CONFIG_verifystatus != 0 { + let mut cacheResult: SECStatus = SECSuccess; + let mut csa: *const SECItemArray = unsafe { SSL_PeerStapledOCSPResponses(fd) }; + if csa.is_null() { + unsafe { + Curl_failf( + data, + b"Invalid OCSP response\0" as *const u8 as *const libc::c_char, + ); + } + return SECFailure; + } + if unsafe { (*csa).len == 0 as u32 } { + unsafe { + Curl_failf( + data, + b"No OCSP response received\0" as *const u8 as *const libc::c_char, + ); + } + return SECFailure; + } + cacheResult = unsafe { + CERT_CacheOCSPResponseFromSideChannel( + CERT_GetDefaultCertDB(), + SSL_PeerCertificate(fd), + PR_Now(), + &mut *((*csa).items).offset(0 as isize), + arg, + ) + }; + if cacheResult as i32 != SECSuccess as i32 { + unsafe { + Curl_failf( + data, + b"Invalid OCSP response\0" as *const u8 as *const libc::c_char, + ); + } + return cacheResult; + } + } + if SSL_CONN_CONFIG_verifypeer == 0 { + unsafe { + Curl_infof( + data, + b"skipping SSL peer certificate verification\0" as *const u8 as *const libc::c_char, + ); + } + return SECSuccess; + } + return unsafe { + SSL_AuthCertificate( + CERT_GetDefaultCertDB() as *mut libc::c_void, + fd, + checksig, + isServer, + ) + }; +} + +/** + * Inform the application that the handshake is complete. + */ +extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut libc::c_void) { + let mut data: *mut Curl_easy = arg as *mut Curl_easy; + let mut conn: *mut connectdata = unsafe { (*data).conn }; + let mut buflenmax: u32 = 50 as u32; + let mut buf: [u8; 50] = [0; 50]; + let mut buflen: u32 = 0; + let mut state: SSLNextProtoState = SSL_NEXT_PROTO_NO_SUPPORT; + if unsafe { ((*conn).bits).tls_enable_npn() == 0 && ((*conn).bits).tls_enable_alpn() == 0 } { + return; + } + if unsafe { + SSL_GetNextProto(sock, &mut state, buf.as_mut_ptr(), &mut buflen, buflenmax) as i32 + } == SECSuccess as i32 + { + let mut current_block_6: u64; + match state as u32 { + 4 | 0 | 2 => { + unsafe { + Curl_infof( + data, + b"ALPN/NPN, server did not agree to a protocol\0" as *const u8 + as *const libc::c_char, + ); + } + return; + } + #[cfg(SSL_ENABLE_ALPN)] + 3 => unsafe { + Curl_infof( + data, + b"ALPN, server accepted to use %.*s\0" as *const u8 as *const libc::c_char, + buflen, + buf.as_mut_ptr(), + ); + }, + 1 => unsafe { + Curl_infof( + data, + b"NPN, server accepted to use %.*s\0" as *const u8 as *const libc::c_char, + buflen, + buf.as_mut_ptr(), + ); + }, + _ => { + current_block_6 = 10599921512955367680; + } + } + if buflen == 2 as u32 + && unsafe { + memcmp( + b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, + buf.as_mut_ptr() as *const libc::c_void, + 2 as u64, + ) + } == 0 + { + unsafe { + (*conn).negnpn = CURL_HTTP_VERSION_2_0 as i32; + } + } else if buflen == 8 as u32 + && unsafe { + memcmp( + b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, + buf.as_mut_ptr() as *const libc::c_void, + 8 as u64, + ) == 0 + } + { + unsafe { + (*conn).negnpn = CURL_HTTP_VERSION_1_1 as i32; + } + } + unsafe { + Curl_multiuse_state( + data, + if (*conn).negnpn == CURL_HTTP_VERSION_2_0 as i32 { + 2 as i32 + } else { + -(1 as i32) + }, + ); + } + } +} + +// unsafe extern "C" fn CanFalseStartCallback( +// mut sock: *mut PRFileDesc, +// mut client_data: *mut libc::c_void, +// mut canFalseStart: *mut PRBool, +// ) -> SECStatus { +// let mut data: *mut Curl_easy = client_data as *mut Curl_easy; +// let mut channelInfo: SSLChannelInfo = SSLChannelInfo { +// length: 0, +// protocolVersion: 0, +// cipherSuite: 0, +// authKeyBits: 0, +// keaKeyBits: 0, +// creationTime: 0, +// lastAccessTime: 0, +// expirationTime: 0, +// sessionIDLength: 0, +// sessionID: [0; 32], +// compressionMethodName: 0 as *const libc::c_char, +// compressionMethod: ssl_compression_null, +// extendedMasterSecretUsed: 0, +// earlyDataAccepted: 0, +// keaType: ssl_kea_null, +// keaGroup: 0 as SSLNamedGroup, +// symCipher: ssl_calg_null, +// macAlgorithm: ssl_mac_null, +// authType: ssl_auth_null, +// signatureScheme: ssl_sig_none, +// originalKeaGroup: 0 as SSLNamedGroup, +// resumed: 0, +// peerDelegCred: 0, +// }; +// let mut cipherInfo: SSLCipherSuiteInfo = SSLCipherSuiteInfo { +// length: 0, +// cipherSuite: 0, +// cipherSuiteName: 0 as *const libc::c_char, +// authAlgorithmName: 0 as *const libc::c_char, +// authAlgorithm: ssl_auth_null, +// keaTypeName: 0 as *const libc::c_char, +// keaType: ssl_kea_null, +// symCipherName: 0 as *const libc::c_char, +// symCipher: ssl_calg_null, +// symKeyBits: 0, +// symKeySpace: 0, +// effectiveKeyBits: 0, +// macAlgorithmName: 0 as *const libc::c_char, +// macAlgorithm: ssl_mac_null, +// macBits: 0, +// c2rust_padding: [0; 1], +// isFIPS_isExportable_nonStandard_reservedBits: [0; 5], +// authType: ssl_auth_null, +// kdfHash: ssl_hash_none, +// }; +// let mut rv: SECStatus = SECSuccess; +// let mut negotiatedExtension: PRBool = 0; +// *canFalseStart = 0 as i32; +// if SSL_GetChannelInfo( +// sock, +// &mut channelInfo, +// ::std::mem::size_of::() as u64 as PRUintn, +// ) as i32 +// != SECSuccess as i32 +// { +// return SECFailure; +// } +// if SSL_GetCipherSuiteInfo( +// channelInfo.cipherSuite, +// &mut cipherInfo, +// ::std::mem::size_of::() as u64 as PRUintn, +// ) as i32 +// != SECSuccess as i32 +// { +// return SECFailure; +// } +// if !(channelInfo.protocolVersion as i32 != 0x303 as i32) { +// if !(cipherInfo.keaType as u32 != ssl_kea_ecdh as i32 as u32) { +// if !(cipherInfo.symCipher as u32 +// != ssl_calg_aes_gcm as i32 as u32) +// { +// rv = SSL_HandshakeNegotiatedExtension( +// sock, +// ssl_app_layer_protocol_xtn, +// &mut negotiatedExtension, +// ); +// if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { +// rv = SSL_HandshakeNegotiatedExtension( +// sock, +// ssl_next_proto_nego_xtn, +// &mut negotiatedExtension, +// ); +// } +// if !(rv as i32 != SECSuccess as i32 || negotiatedExtension == 0) { +// *canFalseStart = 1 as i32; +// Curl_infof( +// data, +// b"Trying TLS False Start\0" as *const u8 as *const libc::c_char, +// ); +// } +// } +// } +// } +// return SECSuccess; +// } +extern "C" fn CanFalseStartCallback( + mut sock: *mut PRFileDesc, + mut client_data: *mut libc::c_void, + mut canFalseStart: *mut PRBool, +) -> SECStatus { + let mut data: *mut Curl_easy = client_data as *mut Curl_easy; + let mut channelInfo: SSLChannelInfo = SSLChannelInfo { + length: 0, + protocolVersion: 0, + cipherSuite: 0, + authKeyBits: 0, + keaKeyBits: 0, + creationTime: 0, + lastAccessTime: 0, + expirationTime: 0, + sessionIDLength: 0, + sessionID: [0; 32], + compressionMethodName: 0 as *const libc::c_char, + compressionMethod: ssl_compression_null, + extendedMasterSecretUsed: 0, + earlyDataAccepted: 0, + keaType: ssl_kea_null, + keaGroup: 0 as SSLNamedGroup, + symCipher: ssl_calg_null, + macAlgorithm: ssl_mac_null, + authType: ssl_auth_null, + signatureScheme: ssl_sig_none, + originalKeaGroup: 0 as SSLNamedGroup, + resumed: 0, + peerDelegCred: 0, + }; + let mut cipherInfo: SSLCipherSuiteInfo = SSLCipherSuiteInfo { + length: 0, + cipherSuite: 0, + cipherSuiteName: 0 as *const libc::c_char, + authAlgorithmName: 0 as *const libc::c_char, + authAlgorithm: ssl_auth_null, + keaTypeName: 0 as *const libc::c_char, + keaType: ssl_kea_null, + symCipherName: 0 as *const libc::c_char, + symCipher: ssl_calg_null, + symKeyBits: 0, + symKeySpace: 0, + effectiveKeyBits: 0, + macAlgorithmName: 0 as *const libc::c_char, + macAlgorithm: ssl_mac_null, + macBits: 0, + c2rust_padding: [0; 1], + isFIPS_isExportable_nonStandard_reservedBits: [0; 5], + authType: ssl_auth_null, + kdfHash: ssl_hash_none, + }; + let mut rv: SECStatus = SECSuccess; + let mut negotiatedExtension: PRBool = 0; + unsafe { + *canFalseStart = 0 as i32; + } + if unsafe { + SSL_GetChannelInfo( + sock, + &mut channelInfo, + ::std::mem::size_of::() as PRUintn, + ) + } as i32 + != SECSuccess as i32 + { + return SECFailure; + } + if unsafe { + SSL_GetCipherSuiteInfo( + channelInfo.cipherSuite, + &mut cipherInfo, + ::std::mem::size_of::() as PRUintn, + ) + } as i32 + != SECSuccess as i32 + { + return SECFailure; + } + // 创建一个循环 + // 循环开始 + 'end: loop { + /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for + * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310 + */ + if channelInfo.protocolVersion as i32 != 0x303 as i32 { + break 'end; + } + /* Only allow ECDHE key exchange algorithm. + * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */ + if cipherInfo.keaType as u32 != ssl_kea_ecdh as u32 { + break 'end; + } + /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC + * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt + * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */ + if cipherInfo.symCipher as u32 != ssl_calg_aes_gcm as u32 { + break 'end; + } + /* Enforce ALPN or NPN to do False Start, as an indicator of server + * compatibility. */ + rv = unsafe { + SSL_HandshakeNegotiatedExtension( + sock, + ssl_app_layer_protocol_xtn, + &mut negotiatedExtension, + ) + }; + if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { + rv = unsafe { + SSL_HandshakeNegotiatedExtension( + sock, + ssl_next_proto_nego_xtn, + &mut negotiatedExtension, + ) + }; + } + if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { + break 'end; + } + + unsafe { + *canFalseStart = 1 as i32; + Curl_infof( + data, + b"Trying TLS False Start\0" as *const u8 as *const libc::c_char, + ); + } + break 'end; + } + // 循环结束 + // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + return SECSuccess; +} + +extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut CERTCertificate) { + let mut subject: *mut libc::c_char = 0 as *mut libc::c_char; + let mut issuer: *mut libc::c_char = 0 as *mut libc::c_char; + let mut common_name: *mut libc::c_char = 0 as *mut libc::c_char; + let mut printableTime: PRExplodedTime = PRExplodedTime { + tm_usec: 0, + tm_sec: 0, + tm_min: 0, + tm_hour: 0, + tm_mday: 0, + tm_month: 0, + tm_year: 0, + tm_wday: 0, + tm_yday: 0, + tm_params: PRTimeParameters { + tp_gmt_offset: 0, + tp_dst_offset: 0, + }, + }; + let mut timeString: [libc::c_char; 256] = [0; 256]; + let mut notBefore: PRTime = 0; + let mut notAfter: PRTime = 0; + subject = unsafe { CERT_NameToAscii(&mut (*cert).subject) }; + issuer = unsafe { CERT_NameToAscii(&mut (*cert).issuer) }; + common_name = unsafe { CERT_GetCommonName(&mut (*cert).subject) }; + unsafe { + Curl_infof( + data, + b"subject: %s\n\0" as *const u8 as *const libc::c_char, + subject, + ); + CERT_GetCertTimes(cert, &mut notBefore, &mut notAfter); + PR_ExplodeTime( + notBefore, + Some( + PR_GMTParameters as unsafe extern "C" fn(*const PRExplodedTime) -> PRTimeParameters, + ), + &mut printableTime, + ); + PR_FormatTime( + timeString.as_mut_ptr(), + 256 as i32, + b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, + &mut printableTime, + ); + Curl_infof( + data, + b" start date: %s\0" as *const u8 as *const libc::c_char, + timeString.as_mut_ptr(), + ); + PR_ExplodeTime( + notAfter, + Some( + PR_GMTParameters as unsafe extern "C" fn(*const PRExplodedTime) -> PRTimeParameters, + ), + &mut printableTime, + ); + PR_FormatTime( + timeString.as_mut_ptr(), + 256 as i32, + b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, + &mut printableTime, + ); + Curl_infof( + data, + b" expire date: %s\0" as *const u8 as *const libc::c_char, + timeString.as_mut_ptr(), + ); + Curl_infof( + data, + b" common name: %s\0" as *const u8 as *const libc::c_char, + common_name, + ); + Curl_infof( + data, + b" issuer: %s\0" as *const u8 as *const libc::c_char, + issuer, + ); + PR_Free(subject as *mut libc::c_void); + PR_Free(issuer as *mut libc::c_void); + PR_Free(common_name as *mut libc::c_void); + } +} + +extern "C" fn display_conn_info(mut data: *mut Curl_easy, mut sock: *mut PRFileDesc) -> CURLcode { + let mut result: CURLcode = CURLE_OK; + let mut channel: SSLChannelInfo = SSLChannelInfo { + length: 0, + protocolVersion: 0, + cipherSuite: 0, + authKeyBits: 0, + keaKeyBits: 0, + creationTime: 0, + lastAccessTime: 0, + expirationTime: 0, + sessionIDLength: 0, + sessionID: [0; 32], + compressionMethodName: 0 as *const libc::c_char, + compressionMethod: ssl_compression_null, + extendedMasterSecretUsed: 0, + earlyDataAccepted: 0, + keaType: ssl_kea_null, + keaGroup: 0 as SSLNamedGroup, + symCipher: ssl_calg_null, + macAlgorithm: ssl_mac_null, + authType: ssl_auth_null, + signatureScheme: ssl_sig_none, + originalKeaGroup: 0 as SSLNamedGroup, + resumed: 0, + peerDelegCred: 0, + }; + let mut suite: SSLCipherSuiteInfo = SSLCipherSuiteInfo { + length: 0, + cipherSuite: 0, + cipherSuiteName: 0 as *const libc::c_char, + authAlgorithmName: 0 as *const libc::c_char, + authAlgorithm: ssl_auth_null, + keaTypeName: 0 as *const libc::c_char, + keaType: ssl_kea_null, + symCipherName: 0 as *const libc::c_char, + symCipher: ssl_calg_null, + symKeyBits: 0, + symKeySpace: 0, + effectiveKeyBits: 0, + macAlgorithmName: 0 as *const libc::c_char, + macAlgorithm: ssl_mac_null, + macBits: 0, + c2rust_padding: [0; 1], + isFIPS_isExportable_nonStandard_reservedBits: [0; 5], + authType: ssl_auth_null, + kdfHash: ssl_hash_none, + }; + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut cert2: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut cert3: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut now: PRTime = 0; + if unsafe { + SSL_GetChannelInfo( + sock, + &mut channel, + ::std::mem::size_of::() as PRUintn, + ) + } as i32 + == SECSuccess as i32 + && channel.length as u64 == ::std::mem::size_of::() as u64 + && channel.cipherSuite as i32 != 0 + { + if unsafe { + SSL_GetCipherSuiteInfo( + channel.cipherSuite, + &mut suite, + ::std::mem::size_of::() as PRUintn, + ) + } as i32 + == SECSuccess as i32 + { + unsafe { + Curl_infof( + data, + b"SSL connection using %s\0" as *const u8 as *const libc::c_char, + suite.cipherSuiteName, + ); + } + } + } + cert = unsafe { SSL_PeerCertificate(sock) }; + if !cert.is_null() { + unsafe { + Curl_infof( + data, + b"Server certificate:\0" as *const u8 as *const libc::c_char, + ); + } + if unsafe { ((*data).set.ssl).certinfo() == 0 } { + display_cert_info(data, cert); + unsafe { + CERT_DestroyCertificate(cert); + } + } else { + /* Count certificates in chain. */ + let mut i: i32 = 1 as i32; + now = unsafe { PR_Now() }; + if unsafe { (*cert).isRoot == 0 } { + cert2 = unsafe { CERT_FindCertIssuer(cert, now, certUsageSSLCA) }; + while !cert2.is_null() { + i += 1; + if unsafe { (*cert2).isRoot != 0 } { + unsafe { + CERT_DestroyCertificate(cert2); + } + break; + } else { + cert3 = unsafe { CERT_FindCertIssuer(cert2, now, certUsageSSLCA) }; + unsafe { + CERT_DestroyCertificate(cert2); + } + cert2 = cert3; + } + } + } + result = Curl_ssl_init_certinfo(data, i); + if result as u64 == 0 { + i = 0 as i32; + while !cert.is_null() { + i = i + 1; + result = unsafe { + Curl_extract_certinfo( + data, + i, + (*cert).derCert.data as *mut libc::c_char, + ((*cert).derCert.data as *mut libc::c_char) + .offset((*cert).derCert.len as isize), + ) + }; + if result as u64 != 0 { + break; + } + if unsafe { (*cert).isRoot != 0 } { + unsafe { + CERT_DestroyCertificate(cert); + } + break; + } else { + cert2 = unsafe { CERT_FindCertIssuer(cert, now, certUsageSSLCA) }; + unsafe { + CERT_DestroyCertificate(cert); + } + cert = cert2; + } + } + } + } + } + return result; +} + +#[cfg(not(CURL_DISABLE_PROXY))] +extern "C" fn BadCertHandler(mut arg: *mut libc::c_void, mut sock: *mut PRFileDesc) -> SECStatus { + let mut data: *mut Curl_easy = arg as *mut Curl_easy; + let mut conn: *mut connectdata = unsafe { (*data).conn }; + let mut err: PRErrorCode = unsafe { PR_GetError() }; + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + + #[cfg(not(CURL_DISABLE_PROXY))] + if true { + *if CURLPROXY_HTTPS as u32 == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } + { + unsafe { &mut (*data).set.proxy_ssl.certverifyresult } + } else { + unsafe { &mut (*data).set.ssl.certverifyresult } + } = err as i64; + } + #[cfg(CURL_DISABLE_PROXY)] + if true { + unsafe { + (*data).set.ssl.certverifyresult = err as i64; + } + } + + if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 + && (if CURLPROXY_HTTPS as u32 == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } + { + unsafe { ((*conn).proxy_ssl_config).verifyhost() as i32 } + } else { + unsafe { ((*conn).ssl_config).verifyhost() as i32 } + }) == 0 + { + return SECSuccess; + } + cert = unsafe { SSL_PeerCertificate(sock) }; + if !cert.is_null() { + unsafe { + Curl_infof( + data, + b"Server certificate:\0" as *const u8 as *const libc::c_char, + ); + } + display_cert_info(data, cert); + unsafe { + CERT_DestroyCertificate(cert); + } + } + return SECFailure; +} + +#[cfg(CURL_DISABLE_PROXY)] +extern "C" fn BadCertHandler(mut arg: *mut libc::c_void, mut sock: *mut PRFileDesc) -> SECStatus { + let mut data: *mut Curl_easy = arg as *mut Curl_easy; + let mut conn: *mut connectdata = unsafe { (*data).conn }; + let mut err: PRErrorCode = unsafe { PR_GetError() }; + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + /* remember the cert verification result */ + unsafe { + (*data).set.ssl.certverifyresult = err as i64; + } + if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 && unsafe { ((*conn).ssl_config).verifyhost() == 0 } + { + /* we are asked not to verify the host name */ + return SECSuccess; + } + /* print only info about the cert, the error is printed off the callback */ + cert = unsafe { SSL_PeerCertificate(sock) }; + if !cert.is_null() { + unsafe { + Curl_infof( + data, + b"Server certificate:\0" as *const u8 as *const libc::c_char, + ); + } + display_cert_info(data, cert); + unsafe { + CERT_DestroyCertificate(cert); + } + } + return SECFailure; +} + +/** + * + * Check that the Peer certificate's issuer certificate matches the one found + * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the + * issuer check, so we provide comments that mimic the OpenSSL + * X509_check_issued function (in x509v3/v3_purp.c) + */ +extern "C" fn check_issuer_cert( + mut sock: *mut PRFileDesc, + mut issuer_nickname: *mut libc::c_char, +) -> SECStatus { + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut cert_issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; + let mut res: SECStatus = SECSuccess; + let mut proto_win: *mut libc::c_void = 0 as *mut libc::c_void; + cert = unsafe { SSL_PeerCertificate(sock) }; + cert_issuer = unsafe { CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner) }; + proto_win = unsafe { SSL_RevealPinArg(sock) }; + issuer = unsafe { PK11_FindCertFromNickname(issuer_nickname, proto_win) }; + if cert_issuer.is_null() || issuer.is_null() { + res = SECFailure; + } else if unsafe { + SECITEM_CompareItem(&mut (*cert_issuer).derCert, &mut (*issuer).derCert) as i32 + } != SECEqual as i32 + { + res = SECFailure; + } + unsafe { + CERT_DestroyCertificate(cert); + CERT_DestroyCertificate(issuer); + CERT_DestroyCertificate(cert_issuer); + } + return res; +} + +extern "C" fn cmp_peer_pubkey( + mut connssl: *mut ssl_connect_data, + mut pinnedpubkey: *const libc::c_char, +) -> CURLcode { + let mut result: CURLcode = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut data: *mut Curl_easy = unsafe { (*backend).data }; + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + if pinnedpubkey.is_null() { + return CURLE_OK; + } + cert = unsafe { SSL_PeerCertificate((*backend).nss_handle) }; + if !cert.is_null() { + /* no pinned public key specified */ + let mut pubkey: *mut SECKEYPublicKey = unsafe { CERT_ExtractPublicKey(cert) }; + if !pubkey.is_null() { + let mut cert_der: *mut SECItem = unsafe { PK11_DEREncodePublicKey(pubkey) }; + if !cert_der.is_null() { + result = unsafe { + Curl_pin_peer_pubkey( + data, + pinnedpubkey, + (*cert_der).data, + (*cert_der).len as size_t, + ) + }; + unsafe { + SECITEM_FreeItem(cert_der, 1 as i32); + } + } + unsafe { + SECKEY_DestroyPublicKey(pubkey); + } + } + unsafe { + CERT_DestroyCertificate(cert); + } + } + match result as u32 { + 0 => unsafe { + Curl_infof( + data, + b"pinned public key verified successfully!\0" as *const u8 as *const libc::c_char, + ); + }, + 90 => unsafe { + Curl_failf( + data, + b"failed to verify pinned public key\0" as *const u8 as *const libc::c_char, + ); + }, + _ => {} + } + return result; +} + +/** + * + * Callback to pick the SSL client certificate. + */ +extern "C" fn SelectClientCert( + mut arg: *mut libc::c_void, + mut sock: *mut PRFileDesc, + mut caNames: *mut CERTDistNamesStr, + mut pRetCert: *mut *mut CERTCertificateStr, + mut pRetKey: *mut *mut SECKEYPrivateKeyStr, +) -> SECStatus { + let mut connssl: *mut ssl_connect_data = arg as *mut ssl_connect_data; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut data: *mut Curl_easy = unsafe { (*backend).data }; + let mut nickname: *const libc::c_char = unsafe { (*backend).client_nickname }; + static mut pem_slotname: [libc::c_char; 13] = + unsafe { *::std::mem::transmute::<&[u8; 13], &[libc::c_char; 13]>(b"PEM Token #1\0") }; + if unsafe { !((*backend).obj_clicert).is_null() } { + /* use the cert/key provided by PEM reader */ + let mut cert_der: SECItem = { + let mut init = SECItemStr { + type_0: siBuffer, + data: 0 as *mut u8, + len: 0 as u32, + }; + init + }; + let mut proto_win: *mut libc::c_void = unsafe { SSL_RevealPinArg(sock) }; + let mut cert: *mut CERTCertificateStr = 0 as *mut CERTCertificateStr; + let mut key: *mut SECKEYPrivateKeyStr = 0 as *mut SECKEYPrivateKeyStr; + let mut slot: *mut PK11SlotInfo = unsafe { nss_find_slot_by_name(pem_slotname.as_ptr()) }; + if slot.is_null() { + unsafe { + Curl_failf( + data, + b"NSS: PK11 slot not found: %s\0" as *const u8 as *const libc::c_char, + pem_slotname.as_ptr(), + ); + } + return SECFailure; + } + if unsafe { + PK11_ReadRawAttribute( + PK11_TypeGeneric, + (*backend).obj_clicert as *mut libc::c_void, + 0x11 as CK_ATTRIBUTE_TYPE, + &mut cert_der, + ) as i32 + } != SECSuccess as i32 + { + unsafe { + Curl_failf( + data, + b"NSS: CKA_VALUE not found in PK11 generic object\0" as *const u8 + as *const libc::c_char, + ); + PK11_FreeSlot(slot); + } + return SECFailure; + } + cert = unsafe { PK11_FindCertFromDERCertItem(slot, &mut cert_der, proto_win) }; + unsafe { SECITEM_FreeItem(&mut cert_der, 0 as i32) }; + if cert.is_null() { + /* extract public key from peer certificate */ + unsafe { + Curl_failf( + data, + b"NSS: client certificate from file not found\0" as *const u8 + as *const libc::c_char, + ); + PK11_FreeSlot(slot); + } + return SECFailure; + } + key = unsafe { PK11_FindPrivateKeyFromCert(slot, cert, 0 as *mut libc::c_void) }; + unsafe { + PK11_FreeSlot(slot); + } + if key.is_null() { + unsafe { + Curl_failf( + data, + b"NSS: private key from file not found\0" as *const u8 as *const libc::c_char, + ); + } + unsafe { CERT_DestroyCertificate(cert) }; + return SECFailure; + } + unsafe { + Curl_infof( + data, + b"NSS: client certificate from file\0" as *const u8 as *const libc::c_char, + ); + } + display_cert_info(data, cert); + unsafe { + *pRetCert = cert; + *pRetKey = key; + } + return SECSuccess; + } + + /* use the default NSS hook */ + if unsafe { + SECSuccess as i32 + != NSS_GetClientAuthData( + nickname as *mut libc::c_void, + sock, + caNames, + pRetCert, + pRetKey, + ) as i32 + || (*pRetCert).is_null() + } { + if nickname.is_null() { + unsafe { + Curl_failf( + data, + b"NSS: client certificate not found (nickname not specified)\0" as *const u8 + as *const libc::c_char, + ); + } + } else { + unsafe { + Curl_failf( + data, + b"NSS: client certificate not found: %s\0" as *const u8 as *const libc::c_char, + nickname, + ); + } + } + return SECFailure; + } + + /* get certificate nickname if any */ + nickname = unsafe { (**pRetCert).nickname }; + if nickname.is_null() { + nickname = b"[unknown]\0" as *const u8 as *const libc::c_char; + } + if unsafe { + strncmp( + nickname, + pem_slotname.as_ptr(), + (::std::mem::size_of::<[libc::c_char; 13]>() as u64).wrapping_sub(1 as u64), + ) == 0 + } { + unsafe { + Curl_failf( + data, + b"NSS: refusing previously loaded certificate from file: %s\0" as *const u8 + as *const libc::c_char, + nickname, + ); + } + return SECFailure; + } + if unsafe { (*pRetKey).is_null() } { + unsafe { + Curl_failf( + data, + b"NSS: private key not found for certificate: %s\0" as *const u8 + as *const libc::c_char, + nickname, + ); + } + return SECFailure; + } + unsafe { + Curl_infof( + data, + b"NSS: using client certificate: %s\0" as *const u8 as *const libc::c_char, + nickname, + ); + } + unsafe { + display_cert_info(data, *pRetCert); + } + return SECSuccess; +} + +/* update blocking direction in case of PR_WOULD_BLOCK_ERROR */ +extern "C" fn nss_update_connecting_state( + mut state: ssl_connect_state, + mut secret: *mut libc::c_void, +) { + let mut connssl: *mut ssl_connect_data = secret as *mut ssl_connect_data; + if unsafe { PR_GetError() as i64 != -(5998 as i64) } { + /* an unrelated error is passing by */ + return; + } + match unsafe { (*connssl).connecting_state as u32 } { + 1 | 2 | 3 => {} + _ => return, + } + /* we are not called from an SSL handshake */ + unsafe { + (*connssl).connecting_state = state; + } +} + +/* recv() wrapper we use to detect blocking direction during SSL handshake */ +extern "C" fn nspr_io_recv( + mut fd: *mut PRFileDesc, + mut buf: *mut libc::c_void, + mut amount: PRInt32, + mut flags: PRIntn, + mut timeout: PRIntervalTime, +) -> PRInt32 { + let recv_fn: PRRecvFN = unsafe { (*(*(*fd).lower).methods).recv }; + let rv: PRInt32 = unsafe { + recv_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout) + }; + if rv < 0 as i32 { + /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ + unsafe { + nss_update_connecting_state(ssl_connect_2_reading, (*fd).secret as *mut libc::c_void); + } + } + return rv; +} + +/* send() wrapper we use to detect blocking direction during SSL handshake */ +extern "C" fn nspr_io_send( + mut fd: *mut PRFileDesc, + mut buf: *const libc::c_void, + mut amount: PRInt32, + mut flags: PRIntn, + mut timeout: PRIntervalTime, +) -> PRInt32 { + let send_fn: PRSendFN = unsafe { (*(*(*fd).lower).methods).send }; + let rv: PRInt32 = unsafe { + send_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout) + }; + if rv < 0 as i32 { + /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ + unsafe { + nss_update_connecting_state(ssl_connect_2_writing, (*fd).secret as *mut libc::c_void); + } + } + return rv; +} + +/* close() wrapper to avoid assertion failure due to fd->secret != NULL */ +extern "C" fn nspr_io_close(mut fd: *mut PRFileDesc) -> PRStatus { + let close_fn: PRCloseFN = unsafe { (*PR_GetDefaultIOMethods()).close }; + unsafe { + (*fd).secret = 0 as *mut PRFilePrivate; + } + return unsafe { close_fn.expect("non-null function pointer")(fd) }; +} + +/* load a PKCS #11 module */ +extern "C" fn nss_load_module( + mut pmod: *mut *mut SECMODModule, + mut library: *const libc::c_char, + mut name: *const libc::c_char, +) -> CURLcode { + let mut config_string: *mut libc::c_char = 0 as *mut libc::c_char; + let mut module: *mut SECMODModule = unsafe { *pmod }; + if !module.is_null() { + /* already loaded */ + return CURLE_OK; + } + config_string = unsafe { + curl_maprintf( + b"library=%s name=%s\0" as *const u8 as *const libc::c_char, + library, + name, + ) + }; + if config_string.is_null() { + return CURLE_OUT_OF_MEMORY; + } + module = unsafe { SECMOD_LoadUserModule(config_string, 0 as *mut SECMODModule, 0 as i32) }; + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(config_string as *mut libc::c_void); + } + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + config_string as *mut libc::c_void, + 1311 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + if !module.is_null() && unsafe { (*module).loaded != 0 } { + /* loaded successfully */ + unsafe { + *pmod = module; + } + } + if !module.is_null() { + unsafe { + SECMOD_DestroyModule(module); + } + } + return CURLE_FAILED_INIT; +} + +/* unload a PKCS #11 module */ +extern "C" fn nss_unload_module(mut pmod: *mut *mut SECMODModule) { + let mut module: *mut SECMODModule = unsafe { *pmod }; + if module.is_null() { + /* not loaded */ + return; + } + if unsafe { SECMOD_UnloadUserModule(module) as i32 != SECSuccess as i32 } { + /* unload failed */ + return; + } + unsafe { + SECMOD_DestroyModule(module); + *pmod = 0 as *mut SECMODModule; + } +} + +/* data might be NULL */ +extern "C" fn nss_init_core( + mut data: *mut Curl_easy, + mut cert_dir: *const libc::c_char, +) -> CURLcode { + let mut initparams: NSSInitParameters = NSSInitParameters { + length: 0, + passwordRequired: 0, + minPWLen: 0, + manufactureID: 0 as *mut libc::c_char, + libraryDescription: 0 as *mut libc::c_char, + cryptoTokenDescription: 0 as *mut libc::c_char, + dbTokenDescription: 0 as *mut libc::c_char, + FIPSTokenDescription: 0 as *mut libc::c_char, + cryptoSlotDescription: 0 as *mut libc::c_char, + dbSlotDescription: 0 as *mut libc::c_char, + FIPSSlotDescription: 0 as *mut libc::c_char, + }; + let mut err: PRErrorCode = 0; + let mut err_name: *const libc::c_char = 0 as *const libc::c_char; + if unsafe { !nss_context.is_null() } { + return CURLE_OK; + } + unsafe { + memset( + &mut initparams as *mut NSSInitParameters as *mut libc::c_void, + '\u{0}' as i32, + ::std::mem::size_of::() as u64, + ); + } + initparams.length = ::std::mem::size_of::() as u32; + if !cert_dir.is_null() { + let mut certpath: *mut libc::c_char = + unsafe { curl_maprintf(b"sql:%s\0" as *const u8 as *const libc::c_char, cert_dir) }; + if certpath.is_null() { + return CURLE_OUT_OF_MEMORY; + } + unsafe { + Curl_infof( + data, + b"Initializing NSS with certpath: %s\0" as *const u8 as *const libc::c_char, + certpath, + ); + + nss_context = NSS_InitContext( + certpath, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + &mut initparams, + (0x1 as i32 | 0x80 as i32) as PRUint32, + ); + #[cfg(not(CURLDEBUG))] + Curl_cfree.expect("non-null function pointer")(certpath as *mut libc::c_void); + #[cfg(CURLDEBUG)] + curl_dbg_free( + certpath as *mut libc::c_void, + 1361 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + if unsafe { !nss_context.is_null() } { + return CURLE_OK; + } + err = unsafe { PR_GetError() }; + err_name = nss_error_to_name(err); + unsafe { + Curl_infof( + data, + b"Unable to initialize NSS database: %d (%s)\0" as *const u8 as *const libc::c_char, + err, + err_name, + ); + } + } + unsafe { + Curl_infof( + data, + b"Initializing NSS with certpath: none\0" as *const u8 as *const libc::c_char, + ); + nss_context = NSS_InitContext( + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + &mut initparams, + (0x1 as i32 + | 0x2 as i32 + | 0x4 as i32 + | 0x8 as i32 + | 0x10 as i32 + | 0x20 as i32 + | 0x80 as i32) as PRUint32, + ); + } + if unsafe { !nss_context.is_null() } { + return CURLE_OK; + } + err = unsafe { PR_GetError() }; + err_name = nss_error_to_name(err); + unsafe { + Curl_failf( + data, + b"Unable to initialize NSS: %d (%s)\0" as *const u8 as *const libc::c_char, + err, + err_name, + ); + } + return CURLE_SSL_CACERT_BADFILE; +} + +/* data might be NULL */ +extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { + let mut cert_dir: *mut libc::c_char = 0 as *mut libc::c_char; + let mut st: stat = stat { + st_dev: 0, + st_ino: 0, + st_nlink: 0, + st_mode: 0, + st_uid: 0, + st_gid: 0, + __pad0: 0, + st_rdev: 0, + st_size: 0, + st_blksize: 0, + st_blocks: 0, + st_atim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_mtim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_ctim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + __glibc_reserved: [0; 3], + }; + let mut result: CURLcode = CURLE_OK; + if unsafe { initialized != 0 } { + return CURLE_OK; + } + /* list of all CRL items we need to destroy in nss_cleanup() */ + unsafe { + Curl_llist_init( + &mut nss_crl_list, + Some( + nss_destroy_crl_item + as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), + ), + ); + } + /* First we check if $SSL_DIR points to a valid dir */ + cert_dir = unsafe { getenv(b"SSL_DIR\0" as *const u8 as *const libc::c_char) }; + if !cert_dir.is_null() { + if stat(cert_dir, &mut st) != 0 as i32 || !(st.st_mode & 0o170000 as u32 == 0o40000 as u32) + { + cert_dir = 0 as *mut libc::c_char; + } + } + + /* Now we check if the default location is a valid dir */ + if cert_dir.is_null() { + /* allocate an identity for our own NSPR I/O layer */ + if stat( + b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char, + &mut st, + ) == 0 as i32 + && st.st_mode & 0o170000 as u32 == 0o40000 as u32 + { + cert_dir = b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char as *mut libc::c_char; + } + } + if unsafe { nspr_io_identity == -(1 as i32) } { + unsafe { + nspr_io_identity = + PR_GetUniqueIdentity(b"libcurl\0" as *const u8 as *const libc::c_char); + } + if unsafe { nspr_io_identity == -(1 as i32) } { + return CURLE_OUT_OF_MEMORY; + } + /* the default methods just call down to the lower I/O layer */ + unsafe { + memcpy( + &mut nspr_io_methods as *mut PRIOMethods as *mut libc::c_void, + PR_GetDefaultIOMethods() as *const libc::c_void, + ::std::mem::size_of::() as u64, + ); + /* override certain methods in the table by our wrappers */ + nspr_io_methods.recv = Some( + nspr_io_recv + as unsafe extern "C" fn( + *mut PRFileDesc, + *mut libc::c_void, + PRInt32, + PRIntn, + PRIntervalTime, + ) -> PRInt32, + ); + nspr_io_methods.send = Some( + nspr_io_send + as unsafe extern "C" fn( + *mut PRFileDesc, + *const libc::c_void, + PRInt32, + PRIntn, + PRIntervalTime, + ) -> PRInt32, + ); + nspr_io_methods.close = + Some(nspr_io_close as unsafe extern "C" fn(*mut PRFileDesc) -> PRStatus); + } + } + result = nss_init_core(data, cert_dir); + if result as u64 != 0 { + return result; + } + if !any_cipher_enabled() { + unsafe { + NSS_SetDomesticPolicy(); + } + } + unsafe { + ::std::ptr::write_volatile(&mut initialized as *mut i32, 1 as i32); + } + return CURLE_OK; +} + +/** + * Global SSL init + * + * @retval 0 error initializing SSL + * @retval 1 SSL initialized successfully + */ + +extern "C" fn nss_init() -> i32 { + /* curl_global_init() is not thread-safe so this test is ok */ + if unsafe { nss_initlock.is_null() } { + unsafe { + PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0 as PRUintn); + nss_initlock = PR_NewLock(); + nss_crllock = PR_NewLock(); + nss_findslot_lock = PR_NewLock(); + nss_trustload_lock = PR_NewLock(); + } + } + /* We will actually initialize NSS later */ + return 1 as i32; +} + +#[no_mangle] +/* data might be NULL */ +pub extern "C" fn Curl_nss_force_init(mut data: *mut Curl_easy) -> CURLcode { + let mut result: CURLcode = CURLE_OK; + if unsafe { nss_initlock.is_null() } { + if !data.is_null() { + unsafe { + Curl_failf( data, b"unable to initialize NSS, curl_global_init() should have been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL\0" as *const u8 as *const libc::c_char, ); - } - return CURLE_FAILED_INIT; - } - PR_Lock(nss_initlock); - result = nss_setup(data); - PR_Unlock(nss_initlock); - return result; - } - } - - /* Global cleanup */ - extern "C" fn nss_cleanup() { - unsafe{ - /* This function isn't required to be threadsafe and this is only done - * as a safety feature. - */ - PR_Lock(nss_initlock); - if initialized != 0 { - /* Free references to client certificates held in the SSL session cache. - * Omitting this hampers destruction of the security module owning - * the certificates. */ - SSL_ClearSessionCache(); - nss_unload_module(&mut pem_module); - nss_unload_module(&mut trust_module); - NSS_ShutdownContext(nss_context); - nss_context = 0 as *mut NSSInitContext; - } - /* destroy all CRL items */ - Curl_llist_destroy(&mut nss_crl_list, 0 as *mut libc::c_void); - PR_Unlock(nss_initlock); - PR_DestroyLock(nss_initlock); - PR_DestroyLock(nss_crllock); - PR_DestroyLock(nss_findslot_lock); - PR_DestroyLock(nss_trustload_lock); - nss_initlock = 0 as *mut PRLock; - ::std::ptr::write_volatile(&mut initialized as *mut i32, 0 as i32); - } - } - - - - /* - * This function uses SSL_peek to determine connection status. - * - * Return codes: - * 1 means the connection is still in place - * 0 means the connection has been closed - * -1 means the connection status is unknown - */ - extern "C" fn nss_check_cxn(mut conn: *mut connectdata) -> i32 { - unsafe{ - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(0 as isize) as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut rc: i32 = 0; - let mut buf: libc::c_char = 0; - rc = PR_Recv( - (*backend).nss_handle, - &mut buf as *mut libc::c_char as *mut libc::c_void, - 1 as i32, - 0x2 as i32, - PR_SecondsToInterval(1 as PRUint32), - ); - if rc > 0 as i32 { - return 1 as i32; /* connection still in place */ - } - if rc == 0 as i32 { - return 0 as i32;/* connection has been closed */ - } - return -(1 as i32);/* connection status unknown */ - } - } - extern "C" fn close_one(mut connssl: *mut ssl_connect_data) { - unsafe{ - /* before the cleanup, check whether we are using a client certificate */ - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let client_cert: bool = - !((*backend).client_nickname).is_null() || !((*backend).obj_clicert).is_null(); - if !((*backend).nss_handle).is_null() { - let mut buf: [libc::c_char; 32] = [0; 32]; - /* Maybe the server has already sent a close notify alert. + } + } + return CURLE_FAILED_INIT; + } + unsafe { + PR_Lock(nss_initlock); + } + result = nss_setup(data); + unsafe { + PR_Unlock(nss_initlock); + } + return result; +} + +/* Global cleanup */ +extern "C" fn nss_cleanup() { + /* This function isn't required to be threadsafe and this is only done + * as a safety feature. + */ + unsafe { + PR_Lock(nss_initlock); + } + if unsafe { initialized != 0 } { + /* Free references to client certificates held in the SSL session cache. + * Omitting this hampers destruction of the security module owning + * the certificates. */ + unsafe { + SSL_ClearSessionCache(); + nss_unload_module(&mut pem_module); + nss_unload_module(&mut trust_module); + NSS_ShutdownContext(nss_context); + nss_context = 0 as *mut NSSInitContext; + } + } + /* destroy all CRL items */ + unsafe { + Curl_llist_destroy(&mut nss_crl_list, 0 as *mut libc::c_void); + PR_Unlock(nss_initlock); + PR_DestroyLock(nss_initlock); + PR_DestroyLock(nss_crllock); + PR_DestroyLock(nss_findslot_lock); + PR_DestroyLock(nss_trustload_lock); + nss_initlock = 0 as *mut PRLock; + ::std::ptr::write_volatile(&mut initialized as *mut i32, 0 as i32); + } +} + +/* + * This function uses SSL_peek to determine connection status. + * + * Return codes: + * 1 means the connection is still in place + * 0 means the connection has been closed + * -1 means the connection status is unknown + */ +extern "C" fn nss_check_cxn(mut conn: *mut connectdata) -> i32 { + let mut connssl: *mut ssl_connect_data = + unsafe { &mut *((*conn).ssl).as_mut_ptr().offset(0 as isize) as *mut ssl_connect_data }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut rc: i32 = 0; + let mut buf: libc::c_char = 0; + rc = unsafe { + PR_Recv( + (*backend).nss_handle, + &mut buf as *mut libc::c_char as *mut libc::c_void, + 1 as i32, + 0x2 as i32, + PR_SecondsToInterval(1 as PRUint32), + ) + }; + if rc > 0 as i32 { + return 1 as i32; /* connection still in place */ + } + if rc == 0 as i32 { + return 0 as i32; /* connection has been closed */ + } + return -(1 as i32); /* connection status unknown */ +} + +extern "C" fn close_one(mut connssl: *mut ssl_connect_data) { + /* before the cleanup, check whether we are using a client certificate */ + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let client_cert: bool = + unsafe { !((*backend).client_nickname).is_null() || !((*backend).obj_clicert).is_null() }; + if unsafe { !((*backend).nss_handle).is_null() } { + let mut buf: [libc::c_char; 32] = [0; 32]; + /* Maybe the server has already sent a close notify alert. Read it to avoid an RST on the TCP connection. */ - PR_Recv( - (*backend).nss_handle, - buf.as_mut_ptr() as *mut libc::c_void, - ::std::mem::size_of::<[libc::c_char; 32]>() as i32, - 0 as i32, - 0 as PRIntervalTime, - ); - } - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")((*backend).client_nickname as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - (*backend).client_nickname as *mut libc::c_void, - 1557 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - (*backend).client_nickname = 0 as *mut libc::c_char; - /* destroy all NSS objects in order to avoid failure of NSS shutdown */ - Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); - (*backend).obj_clicert = 0 as *mut PK11GenericObject; - if !((*backend).nss_handle).is_null() { - if client_cert { - /* A server might require different authentication based on the - * particular path being requested by the client. To support this - * scenario, we must ensure that a connection will never reuse the - * authentication data from a previous connection. */ - SSL_InvalidateSession((*backend).nss_handle); - } - PR_Close((*backend).nss_handle); - (*backend).nss_handle = 0 as *mut PRFileDesc; - } - } - } - - - /* - * This function is called when an SSL connection is closed. - */ - extern "C" fn nss_close( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - ) { - unsafe{ - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - #[cfg(not(CURL_DISABLE_PROXY))] - let mut connssl_proxy: *mut ssl_connect_data = - &mut *((*conn).proxy_ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - - let mut backend: *mut ssl_backend_data = (*connssl).backend; - #[cfg(not(CURL_DISABLE_PROXY))] - let CURL_DISABLE_PROXY_3 = !((*(*connssl_proxy).backend).nss_handle).is_null(); - #[cfg(CURL_DISABLE_PROXY)] - let CURL_DISABLE_PROXY_3 = false; - if !((*backend).nss_handle).is_null() || CURL_DISABLE_PROXY_3{ - #[cfg(CURLDEBUG)] - curl_dbg_mark_sclose( - (*conn).sock[sockindex as usize], - 1597, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - (*conn).sock[sockindex as usize] = -(1 as i32); - } - #[cfg(not(CURL_DISABLE_PROXY))] - if !((*backend).nss_handle).is_null() { - (*(*connssl_proxy).backend).nss_handle = 0 as *mut PRFileDesc; - } - #[cfg(not(CURL_DISABLE_PROXY))] - close_one(connssl_proxy); - close_one(connssl); - } - } - - /* return true if NSS can provide error code (and possibly msg) for the - error */ - extern "C" fn is_nss_error(mut err: CURLcode) -> bool { - unsafe{ - match err as u32 { - 60 | 58 | 35 | 83 => return 1 as i32 != 0, - _ => return 0 as i32 != 0, - }; - } - } - - /* return true if the given error code is related to a client certificate */ - extern "C" fn is_cc_error(mut err: PRInt32) -> bool { - unsafe{ - match err { - -12271 | -12269 | -12270 => return 1 as i32 != 0, - _ => return 0 as i32 != 0, - }; - } - } - extern "C" fn nss_load_ca_certificates( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - ) -> CURLcode { - unsafe{ - #[cfg(not(CURL_DISABLE_PROXY))] - let mut cafile: *const libc::c_char = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.CAfile - } else { - (*conn).ssl_config.CAfile - }; - #[cfg(CURL_DISABLE_PROXY)] - let mut cafile: *const libc::c_char = (*conn).ssl_config.CAfile; - #[cfg(not(CURL_DISABLE_PROXY))] - let mut capath: *const libc::c_char = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.CApath - } else { - (*conn).ssl_config.CApath - }; - #[cfg(CURL_DISABLE_PROXY)] - let mut capath: *const libc::c_char = (*conn).ssl_config.CApath; - let mut use_trust_module: bool = false; - let mut result: CURLcode = CURLE_OK; - - /* treat empty string as unset */ - if !cafile.is_null() && *cafile.offset(0 as isize) == 0 { - cafile = 0 as *const libc::c_char; - } - if !capath.is_null() && *capath.offset(0 as isize) == 0 { - capath = 0 as *const libc::c_char; - } - Curl_infof( - data, - b" CAfile: %s\0" as *const u8 as *const libc::c_char, - if !cafile.is_null() { - cafile - } else { - b"none\0" as *const u8 as *const libc::c_char - }, - ); - Curl_infof( - data, - b" CApath: %s\0" as *const u8 as *const libc::c_char, - if !capath.is_null() { - capath - } else { - b"none\0" as *const u8 as *const libc::c_char - }, - ); - - /* load libnssckbi.so if no other trust roots were specified */ - use_trust_module = cafile.is_null() && capath.is_null(); - PR_Lock(nss_trustload_lock); - if use_trust_module as i32 != 0 && trust_module.is_null() { - /* libnssckbi.so needed but not yet loaded --> load it! */ - result = nss_load_module( - &mut trust_module, - trust_library, - b"trust\0" as *const u8 as *const libc::c_char, - ); - Curl_infof( - data, - b"%s %s\0" as *const u8 as *const libc::c_char, - if result as u32 != 0 { - b"failed to load\0" as *const u8 as *const libc::c_char - } else { - b"loaded\0" as *const u8 as *const libc::c_char - }, - trust_library, - ); - if result as u32 == CURLE_FAILED_INIT as i32 as u32 { - /* If libnssckbi.so is not available (or fails to load), one can still - use CA certificates stored in NSS database. Ignore the failure. */ - result = CURLE_OK; - } - } else if !use_trust_module && !trust_module.is_null() { - /* libnssckbi.so not needed but already loaded --> unload it! */ - Curl_infof( - data, - b"unloading %s\0" as *const u8 as *const libc::c_char, - trust_library, - ); - nss_unload_module(&mut trust_module); - } - PR_Unlock(nss_trustload_lock); - if !cafile.is_null() { - result = nss_load_cert( - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), - cafile, - 1 as i32, - ); - } - if result as u64 != 0 { - return result; - } - if !capath.is_null() { - let mut st: stat = stat { - st_dev: 0, - st_ino: 0, - st_nlink: 0, - st_mode: 0, - st_uid: 0, - st_gid: 0, - __pad0: 0, - st_rdev: 0, - st_size: 0, - st_blksize: 0, - st_blocks: 0, - st_atim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_mtim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_ctim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - __glibc_reserved: [0; 3], - }; - if stat(capath, &mut st) == -(1 as i32) { - return CURLE_SSL_CACERT_BADFILE; - } - if st.st_mode & 0o170000 as u32 - == 0o40000 as u32 - { - let mut entry: *mut PRDirEntry = 0 as *mut PRDirEntry; - let mut dir: *mut PRDir = PR_OpenDir(capath); - if dir.is_null() { - return CURLE_SSL_CACERT_BADFILE; - } - loop { - entry = PR_ReadDir( - dir, - (PR_SKIP_BOTH as i32 | PR_SKIP_HIDDEN as i32) as PRDirFlags, - ); - if entry.is_null() { - break; - } - let mut fullpath: *mut libc::c_char = curl_maprintf( - b"%s/%s\0" as *const u8 as *const libc::c_char, - capath, - (*entry).name, - ); - if fullpath.is_null() { - PR_CloseDir(dir); - return CURLE_OUT_OF_MEMORY; - } - if CURLSHE_OK as u32 - != nss_load_cert( - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), - fullpath, - 1 as i32, - ) as u32 - { - /* This is purposefully tolerant of errors so non-PEM files can - * be in the same directory */ - Curl_infof( - data, - b"failed to load '%s' from CURLOPT_CAPATH\0" as *const u8 - as *const libc::c_char, - fullpath, - ); - } - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(fullpath as *mut libc::c_void); - #[cfg(CURLDEBUG)] - curl_dbg_free( - fullpath as *mut libc::c_void, - 1715 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - } - PR_CloseDir(dir); - } else { - Curl_infof( - data, - b"warning: CURLOPT_CAPATH not a directory (%s)\0" as *const u8 - as *const libc::c_char, - capath, - ); - } - } - return CURLE_OK; - } - } - extern "C" fn nss_sslver_from_curl( - mut nssver: *mut PRUint16, - mut version: i64, - ) -> CURLcode { - unsafe{ - match version { - 2 => { - *nssver = 0x2 as PRUint16; - return CURLE_OK; - } - 3 => return CURLE_NOT_BUILT_IN, - 4 => { - *nssver = 0x301 as PRUint16; - return CURLE_OK; - } - 5 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - _ => { - *nssver = 0x302 as PRUint16; - return CURLE_OK; - } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] - _ => { - return CURLE_SSL_CONNECT_ERROR; - } - } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - // *nssver = 0x302 as i32 as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] - // return CURLE_SSL_CONNECT_ERROR; - } - 6 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - _ => { - *nssver = 0x303 as PRUint16; - return CURLE_OK; - } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] - _ => { - return CURLE_SSL_CONNECT_ERROR; - } - } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - // *nssver = 0x303 as i32 as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] - // return CURLE_SSL_CONNECT_ERROR; - } - 7 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - _ => { - *nssver = 0x304 as PRUint16; - return CURLE_OK; - } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] - _ => { - return CURLE_SSL_CONNECT_ERROR; - } - } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - // *nssver = 0x304 as i32 as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] - // return CURLE_SSL_CONNECT_ERROR; - } - _ => return CURLE_SSL_CONNECT_ERROR, - }; - } - } - extern "C" fn nss_init_sslver( - mut sslver: *mut SSLVersionRange, - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - ) -> CURLcode { - unsafe{ - let mut result: CURLcode = CURLE_OK; - #[cfg(not(CURL_DISABLE_PROXY))] - let min: i64 = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.version - } else { - (*conn).ssl_config.version - }; - #[cfg(CURL_DISABLE_PROXY)] - let min: i64 = (*conn).ssl_config.version; - #[cfg(not(CURL_DISABLE_PROXY))] - let max: i64 = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.version_max - } else { - (*conn).ssl_config.version_max - }; - #[cfg(CURL_DISABLE_PROXY)] - let max: i64 = (*conn).ssl_config.version_max; - let mut vrange: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; - match min { - 1 | 0 => { - /* Bump our minimum TLS version if NSS has stricter requirements. */ - if SSL_VersionRangeGetDefault(ssl_variant_stream, &mut vrange) as i32 - != SECSuccess as i32 - { - return CURLE_SSL_CONNECT_ERROR; - } - if ((*sslver).min as i32) < vrange.min as i32 { - (*sslver).min = vrange.min; - } - } - _ => { - result = nss_sslver_from_curl(&mut (*sslver).min, min); - if result as u64 != 0 { - Curl_failf( - data, - b"unsupported min version passed via CURLOPT_SSLVERSION\0" as *const u8 - as *const libc::c_char, - ); - return result; - } - } - } - match max { - 0 | 65536 => {} - _ => { - result = nss_sslver_from_curl(&mut (*sslver).max, max >> 16 as i32); - if result as u64 != 0 { - Curl_failf( - data, - b"unsupported max version passed via CURLOPT_SSLVERSION\0" as *const u8 - as *const libc::c_char, - ); - return result; - } - } - } - return CURLE_OK; - } - } - extern "C" fn nss_fail_connect( - mut connssl: *mut ssl_connect_data, - mut data: *mut Curl_easy, - mut curlerr: CURLcode, - ) -> CURLcode { - unsafe{ - let mut backend: *mut ssl_backend_data = (*connssl).backend; - if is_nss_error(curlerr) { - /* read NSPR error code */ - let mut err: PRErrorCode = PR_GetError(); - if is_cc_error(err) { - curlerr = CURLE_SSL_CERTPROBLEM; - } - /* print the error number and error string */ - Curl_infof( - data, - b"NSS error %d (%s)\0" as *const u8 as *const libc::c_char, - err, - nss_error_to_name(err), - ); - /* print a human-readable message describing the error if available */ - nss_print_error_message(data, err as PRUint32); - } - /* cleanup on connection failure */ - Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); - return curlerr; - } - } - - /* Switch the SSL socket into blocking or non-blocking mode. */ - extern "C" fn nss_set_blocking( - mut connssl: *mut ssl_connect_data, - mut data: *mut Curl_easy, - mut blocking: bool, - ) -> CURLcode { - unsafe{ - let mut sock_opt: PRSocketOptionData = PRSocketOptionData { - option: PR_SockOpt_Nonblocking, - value: nss_C2RustUnnamed_5 { ip_ttl: 0 }, - }; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - sock_opt.option = PR_SockOpt_Nonblocking; - sock_opt.value.non_blocking = !blocking as i32; - if PR_SetSocketOption((*backend).nss_handle, &mut sock_opt) as i32 - != PR_SUCCESS as i32 - { - return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); - } - return CURLE_OK; - } - } - // unsafe extern "C" fn nss_setup_connect( - // mut data: *mut Curl_easy, - // mut conn: *mut connectdata, - // mut sockindex: i32, - // ) -> CURLcode { - // let mut current_block: u64; - // let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; - // let mut nspr_io: *mut PRFileDesc = 0 as *mut PRFileDesc; - // let mut nspr_io_stub: *mut PRFileDesc = 0 as *mut PRFileDesc; - // let mut ssl_no_cache: PRBool = 0; - // let mut ssl_cbc_random_iv: PRBool = 0; - // let mut sockfd: curl_socket_t = (*conn).sock[sockindex as usize]; - // let mut connssl: *mut ssl_connect_data = - // &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - // let mut backend: *mut ssl_backend_data = (*connssl).backend; - // let mut result: CURLcode = CURLE_OK; - // let mut second_layer: bool = 0 as i32 != 0; - // let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; - // let mut sslver: SSLVersionRange = { - // let mut init = SSLVersionRangeStr { - // min: 0x301 as i32 as PRUint16, - // max: 0x304 as i32 as PRUint16, - // }; - // init - // }; - // let ref mut fresh17 = (*backend).data; - // *fresh17 = data; - // Curl_llist_init( - // &mut (*backend).obj_list, - // Some( - // nss_destroy_object as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), - // ), - // ); - // PR_Lock(nss_initlock); - // result = nss_setup(data); - // if result as u64 != 0 { - // PR_Unlock(nss_initlock); - // } else { - // PK11_SetPasswordFunc(Some( - // nss_get_password - // as unsafe extern "C" fn( - // *mut PK11SlotInfo, - // PRBool, - // *mut libc::c_void, - // ) -> *mut libc::c_char, - // )); - // result = nss_load_module( - // &mut pem_module, - // pem_library, - // b"PEM\0" as *const u8 as *const libc::c_char, - // ); - // PR_Unlock(nss_initlock); - // if result as u32 == CURLE_FAILED_INIT as i32 as u32 { - // Curl_infof( - // data, - // b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" - // as *const u8 as *const libc::c_char, - // pem_library, - // ); - // current_block = 6009453772311597924; - // } else if result as u64 != 0 { - // current_block = 8192695711153237833; - // } else { - // current_block = 6009453772311597924; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // result = CURLE_SSL_CONNECT_ERROR; - // model = PR_NewTCPSocket(); - // if !model.is_null() { - // model = SSL_ImportFD(0 as *mut PRFileDesc, model); - // if !(SSL_OptionSet(model, 1 as i32, 1 as i32) as i32 - // != SECSuccess as i32) - // { - // if !(SSL_OptionSet(model, 6 as i32, 0 as i32) - // as i32 - // != SECSuccess as i32) - // { - // if !(SSL_OptionSet(model, 5 as i32, 1 as i32) - // as i32 - // != SECSuccess as i32) - // { - // ssl_no_cache = if (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // ((*data).set.proxy_ssl.primary).sessionid() as i32 - // } else { - // ((*data).set.ssl.primary).sessionid() as i32 - // }) != 0 - // && (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // ((*conn).proxy_ssl_config).verifypeer() as i32 - // } else { - // ((*conn).ssl_config).verifypeer() as i32 - // }) != 0 - // { - // 0 as i32 - // } else { - // 1 as i32 - // }; - // if !(SSL_OptionSet(model, 9 as i32, ssl_no_cache) - // as i32 - // != SECSuccess as i32) - // { - // if !(nss_init_sslver(&mut sslver, data, conn) as u32 - // != CURLE_OK as i32 as u32) - // { - // if !(SSL_VersionRangeGetSupported( - // ssl_variant_stream, - // &mut sslver_supported, - // ) - // as i32 - // != SECSuccess as i32) - // { - // if (sslver_supported.max as i32) - // < sslver.max as i32 - // && sslver_supported.max as i32 - // >= sslver.min as i32 - // { - // let mut sslver_req_str: *mut libc::c_char = - // 0 as *mut libc::c_char; - // let mut sslver_supp_str: *mut libc::c_char = - // 0 as *mut libc::c_char; - // sslver_req_str = nss_sslver_to_name(sslver.max); - // sslver_supp_str = - // nss_sslver_to_name(sslver_supported.max); - // if !sslver_req_str.is_null() - // && !sslver_supp_str.is_null() - // { - // Curl_infof( - // data, - // b"Falling back from %s to max supported SSL version (%s)\0" - // as *const u8 as *const libc::c_char, - // sslver_req_str, - // sslver_supp_str, - // ); - // } - // Curl_cfree.expect("non-null function pointer")( - // sslver_req_str as *mut libc::c_void, - // ); - // Curl_cfree.expect("non-null function pointer")( - // sslver_supp_str as *mut libc::c_void, - // ); - // sslver.max = sslver_supported.max; - // } - // if !(SSL_VersionRangeSet(model, &mut sslver) - // as i32 - // != SECSuccess as i32) - // { - // ssl_cbc_random_iv = (if CURLPROXY_HTTPS - // as i32 - // as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 - // as u32 - // != (*conn).proxy_ssl[(if (*conn).sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // ((*data).set.proxy_ssl).enable_beast() - // as i32 - // } else { - // ((*data).set.ssl).enable_beast() as i32 - // } == 0) - // as i32; - // if SSL_OptionSet( - // model, - // 23 as i32, - // ssl_cbc_random_iv, - // ) - // as i32 - // != SECSuccess as i32 - // { - // Curl_infof( - // data, - // b"warning: failed to set SSL_CBC_RANDOM_IV = %d\0" - // as *const u8 as *const libc::c_char, - // ssl_cbc_random_iv, - // ); - // } - // if !if CURLPROXY_HTTPS as i32 - // as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 - // as u32 - // != (*conn).proxy_ssl[(if (*conn).sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // (*conn).proxy_ssl_config.cipher_list - // } else { - // (*conn).ssl_config.cipher_list - // } - // .is_null() - // { - // if set_ciphers( - // data, - // model, - // (if CURLPROXY_HTTPS as i32 - // as u32 - // == (*conn).http_proxy.proxytype - // as u32 - // && ssl_connection_complete - // as i32 - // as u32 - // != (*conn).proxy_ssl[(if (*conn) - // .sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // (*conn).proxy_ssl_config.cipher_list - // } else { - // (*conn).ssl_config.cipher_list - // }), - // ) - // as i32 - // != SECSuccess as i32 - // { - // result = CURLE_SSL_CIPHER; - // current_block = 8192695711153237833; - // } else { - // current_block = 12381812505308290051; - // } - // } else { - // current_block = 12381812505308290051; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if (if CURLPROXY_HTTPS as i32 - // as u32 - // == (*conn).http_proxy.proxytype - // as u32 - // && ssl_connection_complete - // as i32 - // as u32 - // != (*conn).proxy_ssl[(if (*conn) - // .sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // ((*conn).proxy_ssl_config).verifypeer() - // as i32 - // } else { - // ((*conn).ssl_config).verifypeer() - // as i32 - // }) == 0 - // && (if CURLPROXY_HTTPS as i32 - // as u32 - // == (*conn).http_proxy.proxytype - // as u32 - // && ssl_connection_complete - // as i32 - // as u32 - // != (*conn).proxy_ssl[(if (*conn) - // .sock - // [1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // ((*conn).proxy_ssl_config) - // .verifyhost() - // as i32 - // } else { - // ((*conn).ssl_config).verifyhost() - // as i32 - // }) != 0 - // { - // Curl_infof( - // data, - // b"warning: ignoring value of ssl.verifyhost\0" as *const u8 - // as *const libc::c_char, - // ); - // } - // if !(SSL_AuthCertificateHook( - // model, - // Some( - // nss_auth_cert_hook - // as unsafe extern "C" fn( - // *mut libc::c_void, - // *mut PRFileDesc, - // PRBool, - // PRBool, - // ) -> SECStatus, - // ), - // data as *mut libc::c_void, - // ) as i32 != SECSuccess as i32) - // { - // *if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // &mut (*data).set.proxy_ssl.certverifyresult - // } else { - // &mut (*data).set.ssl.certverifyresult - // } = 0 as i32 as i64; - // if !(SSL_BadCertHook( - // model, - // Some( - // BadCertHandler - // as unsafe extern "C" fn( - // *mut libc::c_void, - // *mut PRFileDesc, - // ) -> SECStatus, - // ), - // data as *mut libc::c_void, - // ) as i32 != SECSuccess as i32) - // { - // if !(SSL_HandshakeCallback( - // model, - // Some( - // HandshakeCallback - // as unsafe extern "C" fn( - // *mut PRFileDesc, - // *mut libc::c_void, - // ) -> (), - // ), - // data as *mut libc::c_void, - // ) as i32 != SECSuccess as i32) - // { - // let rv: CURLcode = nss_load_ca_certificates( - // data, - // conn, - // sockindex, - // ); - // if rv as u32 - // == CURLE_SSL_CACERT_BADFILE as i32 as u32 - // && (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // ((*conn).proxy_ssl_config).verifypeer() as i32 - // } else { - // ((*conn).ssl_config).verifypeer() as i32 - // }) == 0 - // { - // Curl_infof( - // data, - // b"warning: CA certificates failed to load\0" as *const u8 - // as *const libc::c_char, - // ); - // current_block = 6528285054092551010; - // } else if rv as u64 != 0 { - // result = rv; - // current_block = 8192695711153237833; - // } else { - // current_block = 6528285054092551010; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if !if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.CRLfile - // } else { - // (*data).set.ssl.CRLfile - // } - // .is_null() - // { - // let rv_0: CURLcode = nss_load_crl( - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.CRLfile - // } else { - // (*data).set.ssl.CRLfile - // }, - // ); - // if rv_0 as u64 != 0 { - // result = rv_0; - // current_block = 8192695711153237833; - // } else { - // Curl_infof( - // data, - // b" CRLfile: %s\0" as *const u8 as *const libc::c_char, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.CRLfile - // } else { - // (*data).set.ssl.CRLfile - // }, - // ); - // current_block = 14001958660280927786; - // } - // } else { - // current_block = 14001958660280927786; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if !if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.primary.clientcert - // } else { - // (*data).set.ssl.primary.clientcert - // } - // .is_null() - // { - // let mut nickname: *mut libc::c_char = dup_nickname( - // data, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.primary.clientcert - // } else { - // (*data).set.ssl.primary.clientcert - // }, - // ); - // if !nickname.is_null() { - // let ref mut fresh18 = (*backend).obj_clicert; - // *fresh18 = 0 as *mut PK11GenericObject; - // current_block = 7178192492338286402; - // } else { - // let mut rv_1: CURLcode = cert_stuff( - // data, - // conn, - // sockindex, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.primary.clientcert - // } else { - // (*data).set.ssl.primary.clientcert - // }, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.key - // } else { - // (*data).set.ssl.key - // }, - // ); - // if rv_1 as u64 != 0 { - // result = rv_1; - // current_block = 8192695711153237833; - // } else { - // current_block = 7178192492338286402; - // } - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // let ref mut fresh19 = (*backend).client_nickname; - // *fresh19 = nickname; - // current_block = 9437375157805982253; - // } - // } - // } else { - // let ref mut fresh20 = (*backend).client_nickname; - // *fresh20 = 0 as *mut libc::c_char; - // current_block = 9437375157805982253; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if SSL_GetClientAuthDataHook( - // model, - // Some( - // SelectClientCert - // as unsafe extern "C" fn( - // *mut libc::c_void, - // *mut PRFileDesc, - // *mut CERTDistNamesStr, - // *mut *mut CERTCertificateStr, - // *mut *mut SECKEYPrivateKeyStr, - // ) -> SECStatus, - // ), - // connssl as *mut libc::c_void, - // ) as i32 != SECSuccess as i32 - // { - // result = CURLE_SSL_CERTPROBLEM; - // } else { - // if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { - // nspr_io = (*(*conn).proxy_ssl[sockindex as usize].backend) - // handle; - // second_layer = 1 as i32 != 0; - // current_block = 10393716428851982524; - // } else { - // nspr_io = PR_ImportTCPSocket(sockfd); - // if nspr_io.is_null() { - // current_block = 8192695711153237833; - // } else { - // current_block = 10393716428851982524; - // } - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // nspr_io_stub = PR_CreateIOLayerStub( - // nspr_io_identity, - // &mut nspr_io_methods, - // ); - // if nspr_io_stub.is_null() { - // if !second_layer { - // PR_Close(nspr_io); - // } - // } else { - // let ref mut fresh21 = (*nspr_io_stub).secret; - // *fresh21 = connssl as *mut libc::c_void - // as *mut PRFilePrivate; - // if PR_PushIOLayer( - // nspr_io, - // -(2 as i32), - // nspr_io_stub, - // ) as i32 != PR_SUCCESS as i32 - // { - // if !second_layer { - // PR_Close(nspr_io); - // } - // PR_Close(nspr_io_stub); - // } else { - // let ref mut fresh22 = (*backend).handle; - // *fresh22 = SSL_ImportFD(model, nspr_io); - // if ((*backend).handle).is_null() { - // if !second_layer { - // PR_Close(nspr_io); - // } - // } else { - // PR_Close(model); - // model = 0 as *mut PRFileDesc; - // if !if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.key_passwd - // } else { - // (*data).set.ssl.key_passwd - // } - // .is_null() - // { - // SSL_SetPKCS11PinArg( - // (*backend).handle, - // (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.key_passwd - // } else { - // (*data).set.ssl.key_passwd - // }) as *mut libc::c_void, - // ); - // } - // if if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // ((*conn).proxy_ssl_config).verifystatus() as i32 - // } else { - // ((*conn).ssl_config).verifystatus() as i32 - // } != 0 - // { - // if SSL_OptionSet( - // (*backend).handle, - // 24 as i32, - // 1 as i32, - // ) as i32 != SECSuccess as i32 - // { - // current_block = 8192695711153237833; - // } else { - // current_block = 4983594971376015098; - // } - // } else { - // current_block = 4983594971376015098; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if !(SSL_OptionSet( - // (*backend).handle, - // 25 as i32, - // (if ((*conn).bits).tls_enable_npn() as i32 != 0 { - // 1 as i32 - // } else { - // 0 as i32 - // }), - // ) as i32 != SECSuccess as i32) - // { - // if !(SSL_OptionSet( - // (*backend).handle, - // 26 as i32, - // (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { - // 1 as i32 - // } else { - // 0 as i32 - // }), - // ) as i32 != SECSuccess as i32) - // { - // if ((*data).set.ssl).falsestart() != 0 { - // if SSL_OptionSet( - // (*backend).handle, - // 22 as i32, - // 1 as i32, - // ) as i32 != SECSuccess as i32 - // { - // current_block = 8192695711153237833; - // } else if SSL_SetCanFalseStartCallback( - // (*backend).handle, - // Some( - // CanFalseStartCallback - // as unsafe extern "C" fn( - // *mut PRFileDesc, - // *mut libc::c_void, - // *mut PRBool, - // ) -> SECStatus, - // ), - // data as *mut libc::c_void, - // ) as i32 != SECSuccess as i32 - // { - // current_block = 8192695711153237833; - // } else { - // current_block = 16375338222180917333; - // } - // } else { - // current_block = 16375338222180917333; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if ((*conn).bits).tls_enable_npn() as i32 != 0 - // || ((*conn).bits).tls_enable_alpn() as i32 != 0 - // { - // let mut cur: i32 = 0 as i32; - // let mut protocols: [u8; 128] = [0; 128]; - // if (*data).state.httpwant as i32 - // >= CURL_HTTP_VERSION_2_0 as i32 - // && (!(CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32) - // || ((*conn).bits).tunnel_proxy() == 0) - // { - // let fresh23 = cur; - // cur = cur + 1; - // protocols[fresh23 - // as usize] = 2 as i32 as u8; - // memcpy( - // &mut *protocols.as_mut_ptr().offset(cur as isize) - // as *mut u8 as *mut libc::c_void, - // b"h2\0" as *const u8 as *const libc::c_char - // as *const libc::c_void, - // 2 as i32 as u64, - // ); - // cur += 2 as i32; - // } - // let fresh24 = cur; - // cur = cur + 1; - // protocols[fresh24 - // as usize] = 8 as i32 as u8; - // memcpy( - // &mut *protocols.as_mut_ptr().offset(cur as isize) - // as *mut u8 as *mut libc::c_void, - // b"http/1.1\0" as *const u8 as *const libc::c_char - // as *const libc::c_void, - // 8 as i32 as u64, - // ); - // cur += 8 as i32; - // if SSL_SetNextProtoNego( - // (*backend).handle, - // protocols.as_mut_ptr(), - // cur as u32, - // ) as i32 != SECSuccess as i32 - // { - // current_block = 8192695711153237833; - // } else { - // current_block = 16910810822589621899; - // } - // } else { - // current_block = 16910810822589621899; - // } - // match current_block { - // 8192695711153237833 => {} - // _ => { - // if !(SSL_ResetHandshake((*backend).handle, 0 as i32) - // as i32 != SECSuccess as i32) - // { - // if !(SSL_SetURL( - // (*backend).handle, - // (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*conn).http_proxy.host.name - // } else { - // (*conn).host.name - // }), - // ) as i32 != SECSuccess as i32) - // { - // if !(SSL_SetSockPeerID( - // (*backend).handle, - // (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn) - // .proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*conn).http_proxy.host.name - // } else { - // (*conn).host.name - // }), - // ) as i32 != SECSuccess as i32) - // { - // return CURLE_OK; - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // } - // if !model.is_null() { - // PR_Close(model); - // } - // return nss_fail_connect(connssl, data, result); - // } - extern "C" fn nss_setup_connect( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - ) -> CURLcode { - unsafe{ - let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; - let mut nspr_io: *mut PRFileDesc = 0 as *mut PRFileDesc; - let mut nspr_io_stub: *mut PRFileDesc = 0 as *mut PRFileDesc; - let mut ssl_no_cache: PRBool = 0; - let mut ssl_cbc_random_iv: PRBool = 0; - let mut sockfd: curl_socket_t = (*conn).sock[sockindex as usize]; - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut result: CURLcode = CURLE_OK; - let mut second_layer: bool = 0 as i32 != 0; - let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; - let mut sslver: SSLVersionRange = { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - let mut init = SSLVersionRangeStr { - min: 0x301 as PRUint16, - max: 0x304 as PRUint16, - }; - #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - let mut init = SSLVersionRangeStr { - min: 0x301 as PRUint16, - max: 0x303 as PRUint16, - }; - #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - let mut init = SSLVersionRangeStr { - min: 0x301 as PRUint16, - max: 0x302 as PRUint16, - }; - #[cfg(all(not(SSL_LIBRARY_VERSION_TLS_1_3), not(SSL_LIBRARY_VERSION_TLS_1_2), not(SSL_LIBRARY_VERSION_TLS_1_1)))] - let mut init = SSLVersionRangeStr { - min: 0x301 as PRUint16, - max: 0x301 as PRUint16, - }; - init - }; - (*backend).data = data; - /* list of all NSS objects we need to destroy in nss_do_close() */ - Curl_llist_init( - &mut (*backend).obj_list, - Some( - nss_destroy_object as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), - ), - ); - PR_Lock(nss_initlock); - result = nss_setup(data); - // 创建一个循环 - // 循环开始 - 'error: loop { - if result as u64 != 0 { - PR_Unlock(nss_initlock); - break 'error; - } - PK11_SetPasswordFunc( - Some( - nss_get_password - as unsafe extern "C" fn( - *mut PK11SlotInfo, - PRBool, - *mut libc::c_void, - ) -> *mut libc::c_char, - ), - ); - result = nss_load_module( - &mut pem_module, - pem_library, - b"PEM\0" as *const u8 as *const libc::c_char, - ); - PR_Unlock(nss_initlock); - if result as u32 == CURLE_FAILED_INIT as i32 as u32 { - Curl_infof( + unsafe { + PR_Recv( + (*backend).nss_handle, + buf.as_mut_ptr() as *mut libc::c_void, + ::std::mem::size_of::<[libc::c_char; 32]>() as i32, + 0 as i32, + 0 as PRIntervalTime, + ); + } + } + unsafe { + #[cfg(not(CURLDEBUG))] + Curl_cfree.expect("non-null function pointer")( + (*backend).client_nickname as *mut libc::c_void, + ); + #[cfg(CURLDEBUG)] + curl_dbg_free( + (*backend).client_nickname as *mut libc::c_void, + 1557 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + (*backend).client_nickname = 0 as *mut libc::c_char; + /* destroy all NSS objects in order to avoid failure of NSS shutdown */ + Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); + + (*backend).obj_clicert = 0 as *mut PK11GenericObject; + } + if unsafe { !((*backend).nss_handle).is_null() } { + if client_cert { + /* A server might require different authentication based on the + * particular path being requested by the client. To support this + * scenario, we must ensure that a connection will never reuse the + * authentication data from a previous connection. */ + unsafe { + SSL_InvalidateSession((*backend).nss_handle); + } + } + unsafe { + PR_Close((*backend).nss_handle); + (*backend).nss_handle = 0 as *mut PRFileDesc; + } + } +} + +/* + * This function is called when an SSL connection is closed. + */ +extern "C" fn nss_close(mut data: *mut Curl_easy, mut conn: *mut connectdata, mut sockindex: i32) { + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + #[cfg(not(CURL_DISABLE_PROXY))] + let mut connssl_proxy: *mut ssl_connect_data = unsafe { + &mut *((*conn).proxy_ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + #[cfg(not(CURL_DISABLE_PROXY))] + let CURL_DISABLE_PROXY_3 = unsafe { !((*(*connssl_proxy).backend).nss_handle).is_null() }; + #[cfg(CURL_DISABLE_PROXY)] + let CURL_DISABLE_PROXY_3 = false; + if unsafe { !((*backend).nss_handle).is_null() } || CURL_DISABLE_PROXY_3 { + unsafe { + #[cfg(CURLDEBUG)] + curl_dbg_mark_sclose( + (*conn).sock[sockindex as usize], + 1597, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + (*conn).sock[sockindex as usize] = -(1 as i32); + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + unsafe { + if !((*backend).nss_handle).is_null() { + (*(*connssl_proxy).backend).nss_handle = 0 as *mut PRFileDesc; + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + close_one(connssl_proxy); + close_one(connssl); +} + +/* return true if NSS can provide error code (and possibly msg) for the +error */ +extern "C" fn is_nss_error(mut err: CURLcode) -> bool { + match err as u32 { + 60 | 58 | 35 | 83 => return 1 as i32 != 0, + _ => return 0 as i32 != 0, + }; +} + +/* return true if the given error code is related to a client certificate */ +extern "C" fn is_cc_error(mut err: PRInt32) -> bool { + match err { + -12271 | -12269 | -12270 => return 1 as i32 != 0, + _ => return 0 as i32 != 0, + }; +} + +extern "C" fn nss_load_ca_certificates( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, +) -> CURLcode { + #[cfg(not(CURL_DISABLE_PROXY))] + let mut cafile: *const libc::c_char = unsafe { + if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + (*conn).proxy_ssl_config.CAfile + } else { + (*conn).ssl_config.CAfile + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let mut cafile: *const libc::c_char = unsafe { (*conn).ssl_config.CAfile }; + #[cfg(not(CURL_DISABLE_PROXY))] + let mut capath: *const libc::c_char = unsafe { + if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + (*conn).proxy_ssl_config.CApath + } else { + (*conn).ssl_config.CApath + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let mut capath: *const libc::c_char = unsafe { (*conn).ssl_config.CApath }; + let mut use_trust_module: bool = false; + let mut result: CURLcode = CURLE_OK; + + /* treat empty string as unset */ + if !cafile.is_null() && unsafe { *cafile.offset(0 as isize) == 0 } { + cafile = 0 as *const libc::c_char; + } + if !capath.is_null() && unsafe { *capath.offset(0 as isize) == 0 } { + capath = 0 as *const libc::c_char; + } + unsafe { + Curl_infof( + data, + b" CAfile: %s\0" as *const u8 as *const libc::c_char, + if !cafile.is_null() { + cafile + } else { + b"none\0" as *const u8 as *const libc::c_char + }, + ); + Curl_infof( + data, + b" CApath: %s\0" as *const u8 as *const libc::c_char, + if !capath.is_null() { + capath + } else { + b"none\0" as *const u8 as *const libc::c_char + }, + ); + } + + /* load libnssckbi.so if no other trust roots were specified */ + use_trust_module = cafile.is_null() && capath.is_null(); + unsafe { + PR_Lock(nss_trustload_lock); + } + if use_trust_module as i32 != 0 && unsafe { trust_module.is_null() } { + /* libnssckbi.so needed but not yet loaded --> load it! */ + result = unsafe { + nss_load_module( + &mut trust_module, + trust_library, + b"trust\0" as *const u8 as *const libc::c_char, + ) + }; + unsafe { + Curl_infof( + data, + b"%s %s\0" as *const u8 as *const libc::c_char, + if result as u32 != 0 { + b"failed to load\0" as *const u8 as *const libc::c_char + } else { + b"loaded\0" as *const u8 as *const libc::c_char + }, + trust_library, + ); + } + if result as u32 == CURLE_FAILED_INIT as i32 as u32 { + /* If libnssckbi.so is not available (or fails to load), one can still + use CA certificates stored in NSS database. Ignore the failure. */ + result = CURLE_OK; + } + } else if !use_trust_module && !unsafe { trust_module.is_null() } { + /* libnssckbi.so not needed but already loaded --> unload it! */ + unsafe { + Curl_infof( + data, + b"unloading %s\0" as *const u8 as *const libc::c_char, + trust_library, + ); + nss_unload_module(&mut trust_module); + } + } + unsafe { + PR_Unlock(nss_trustload_lock); + } + if !cafile.is_null() { + result = unsafe { + nss_load_cert( + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), + cafile, + 1 as i32, + ) + }; + } + if result as u64 != 0 { + return result; + } + if !capath.is_null() { + let mut st: stat = stat { + st_dev: 0, + st_ino: 0, + st_nlink: 0, + st_mode: 0, + st_uid: 0, + st_gid: 0, + __pad0: 0, + st_rdev: 0, + st_size: 0, + st_blksize: 0, + st_blocks: 0, + st_atim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_mtim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_ctim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + __glibc_reserved: [0; 3], + }; + if stat(capath, &mut st) == -(1 as i32) { + return CURLE_SSL_CACERT_BADFILE; + } + if st.st_mode & 0o170000 as u32 == 0o40000 as u32 { + let mut entry: *mut PRDirEntry = 0 as *mut PRDirEntry; + let mut dir: *mut PRDir = unsafe { PR_OpenDir(capath) }; + if dir.is_null() { + return CURLE_SSL_CACERT_BADFILE; + } + loop { + entry = unsafe { + PR_ReadDir( + dir, + (PR_SKIP_BOTH as i32 | PR_SKIP_HIDDEN as i32) as PRDirFlags, + ) + }; + if entry.is_null() { + break; + } + let mut fullpath: *mut libc::c_char = unsafe { + curl_maprintf( + b"%s/%s\0" as *const u8 as *const libc::c_char, + capath, + (*entry).name, + ) + }; + if fullpath.is_null() { + unsafe { + PR_CloseDir(dir); + } + return CURLE_OUT_OF_MEMORY; + } + if CURLSHE_OK as u32 + != unsafe { + nss_load_cert( + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), + fullpath, + 1 as i32, + ) as u32 + } + { + /* This is purposefully tolerant of errors so non-PEM files can + * be in the same directory */ + unsafe { + Curl_infof( + data, + b"failed to load '%s' from CURLOPT_CAPATH\0" as *const u8 + as *const libc::c_char, + fullpath, + ); + } + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(fullpath as *mut libc::c_void); + } + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + fullpath as *mut libc::c_void, + 1715 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + } + unsafe { + PR_CloseDir(dir); + } + } else { + unsafe { + Curl_infof( + data, + b"warning: CURLOPT_CAPATH not a directory (%s)\0" as *const u8 + as *const libc::c_char, + capath, + ); + } + } + } + return CURLE_OK; +} + +extern "C" fn nss_sslver_from_curl(mut nssver: *mut PRUint16, mut version: i64) -> CURLcode { + match version { + 2 => { + unsafe { + *nssver = 0x2 as PRUint16; + } + return CURLE_OK; + } + 3 => return CURLE_NOT_BUILT_IN, + 4 => { + unsafe { + *nssver = 0x301 as PRUint16; + } + return CURLE_OK; + } + 5 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + _ => { + unsafe { + *nssver = 0x302 as PRUint16; + } + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } + } + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + // *nssver = 0x302 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] + // return CURLE_SSL_CONNECT_ERROR; + } + 6 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + _ => { + unsafe { + *nssver = 0x303 as PRUint16; + } + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } + } + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + // *nssver = 0x303 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] + // return CURLE_SSL_CONNECT_ERROR; + } + 7 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + _ => { + unsafe { + *nssver = 0x304 as PRUint16; + } + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } + } + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + // *nssver = 0x304 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] + // return CURLE_SSL_CONNECT_ERROR; + } + _ => return CURLE_SSL_CONNECT_ERROR, + }; +} + +extern "C" fn nss_init_sslver( + mut sslver: *mut SSLVersionRange, + mut data: *mut Curl_easy, + mut conn: *mut connectdata, +) -> CURLcode { + let mut result: CURLcode = CURLE_OK; + #[cfg(not(CURL_DISABLE_PROXY))] + let min: i64 = unsafe { + if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + (*conn).proxy_ssl_config.version + } else { + (*conn).ssl_config.version + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let min: i64 = unsafe { (*conn).ssl_config.version }; + #[cfg(not(CURL_DISABLE_PROXY))] + let max: i64 = unsafe { + if CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + { + (*conn).proxy_ssl_config.version_max + } else { + (*conn).ssl_config.version_max + } + }; + #[cfg(CURL_DISABLE_PROXY)] + let max: i64 = (*conn).ssl_config.version_max; + let mut vrange: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; + match min { + 1 | 0 => { + /* Bump our minimum TLS version if NSS has stricter requirements. */ + if unsafe { SSL_VersionRangeGetDefault(ssl_variant_stream, &mut vrange) as i32 } + != SECSuccess as i32 + { + return CURLE_SSL_CONNECT_ERROR; + } + if unsafe { ((*sslver).min as i32) < vrange.min as i32 } { + unsafe { + (*sslver).min = vrange.min; + } + } + } + _ => { + result = unsafe { nss_sslver_from_curl(&mut (*sslver).min, min) }; + if result as u64 != 0 { + unsafe { + Curl_failf( + data, + b"unsupported min version passed via CURLOPT_SSLVERSION\0" as *const u8 + as *const libc::c_char, + ); + } + return result; + } + } + } + match max { + 0 | 65536 => {} + _ => { + result = unsafe { nss_sslver_from_curl(&mut (*sslver).max, max >> 16 as i32) }; + if result as u64 != 0 { + unsafe { + Curl_failf( + data, + b"unsupported max version passed via CURLOPT_SSLVERSION\0" as *const u8 + as *const libc::c_char, + ); + } + return result; + } + } + } + return CURLE_OK; +} +extern "C" fn nss_fail_connect( + mut connssl: *mut ssl_connect_data, + mut data: *mut Curl_easy, + mut curlerr: CURLcode, +) -> CURLcode { + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + if is_nss_error(curlerr) { + /* read NSPR error code */ + let mut err: PRErrorCode = unsafe { PR_GetError() }; + if is_cc_error(err) { + curlerr = CURLE_SSL_CERTPROBLEM; + } + /* print the error number and error string */ + unsafe { + Curl_infof( + data, + b"NSS error %d (%s)\0" as *const u8 as *const libc::c_char, + err, + nss_error_to_name(err), + ); + } + /* print a human-readable message describing the error if available */ + nss_print_error_message(data, err as PRUint32); + } + /* cleanup on connection failure */ + unsafe { + Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); + } + return curlerr; +} + +/* Switch the SSL socket into blocking or non-blocking mode. */ +extern "C" fn nss_set_blocking( + mut connssl: *mut ssl_connect_data, + mut data: *mut Curl_easy, + mut blocking: bool, +) -> CURLcode { + let mut sock_opt: PRSocketOptionData = PRSocketOptionData { + option: PR_SockOpt_Nonblocking, + value: nss_C2RustUnnamed_5 { ip_ttl: 0 }, + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + sock_opt.option = PR_SockOpt_Nonblocking; + sock_opt.value.non_blocking = !blocking as i32; + if unsafe { + PR_SetSocketOption((*backend).nss_handle, &mut sock_opt) as i32 != PR_SUCCESS as i32 + } { + return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); + } + return CURLE_OK; +} + +// unsafe extern "C" fn nss_setup_connect( +// mut data: *mut Curl_easy, +// mut conn: *mut connectdata, +// mut sockindex: i32, +// ) -> CURLcode { +// let mut current_block: u64; +// let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; +// let mut nspr_io: *mut PRFileDesc = 0 as *mut PRFileDesc; +// let mut nspr_io_stub: *mut PRFileDesc = 0 as *mut PRFileDesc; +// let mut ssl_no_cache: PRBool = 0; +// let mut ssl_cbc_random_iv: PRBool = 0; +// let mut sockfd: curl_socket_t = (*conn).sock[sockindex as usize]; +// let mut connssl: *mut ssl_connect_data = +// &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; +// let mut backend: *mut ssl_backend_data = (*connssl).backend; +// let mut result: CURLcode = CURLE_OK; +// let mut second_layer: bool = 0 as i32 != 0; +// let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; +// let mut sslver: SSLVersionRange = { +// let mut init = SSLVersionRangeStr { +// min: 0x301 as i32 as PRUint16, +// max: 0x304 as i32 as PRUint16, +// }; +// init +// }; +// let ref mut fresh17 = (*backend).data; +// *fresh17 = data; +// Curl_llist_init( +// &mut (*backend).obj_list, +// Some( +// nss_destroy_object as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), +// ), +// ); +// PR_Lock(nss_initlock); +// result = nss_setup(data); +// if result as u64 != 0 { +// PR_Unlock(nss_initlock); +// } else { +// PK11_SetPasswordFunc(Some( +// nss_get_password +// as unsafe extern "C" fn( +// *mut PK11SlotInfo, +// PRBool, +// *mut libc::c_void, +// ) -> *mut libc::c_char, +// )); +// result = nss_load_module( +// &mut pem_module, +// pem_library, +// b"PEM\0" as *const u8 as *const libc::c_char, +// ); +// PR_Unlock(nss_initlock); +// if result as u32 == CURLE_FAILED_INIT as i32 as u32 { +// Curl_infof( +// data, +// b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" +// as *const u8 as *const libc::c_char, +// pem_library, +// ); +// current_block = 6009453772311597924; +// } else if result as u64 != 0 { +// current_block = 8192695711153237833; +// } else { +// current_block = 6009453772311597924; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// result = CURLE_SSL_CONNECT_ERROR; +// model = PR_NewTCPSocket(); +// if !model.is_null() { +// model = SSL_ImportFD(0 as *mut PRFileDesc, model); +// if !(SSL_OptionSet(model, 1 as i32, 1 as i32) as i32 +// != SECSuccess as i32) +// { +// if !(SSL_OptionSet(model, 6 as i32, 0 as i32) +// as i32 +// != SECSuccess as i32) +// { +// if !(SSL_OptionSet(model, 5 as i32, 1 as i32) +// as i32 +// != SECSuccess as i32) +// { +// ssl_no_cache = if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// ((*data).set.proxy_ssl.primary).sessionid() as i32 +// } else { +// ((*data).set.ssl.primary).sessionid() as i32 +// }) != 0 +// && (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// ((*conn).proxy_ssl_config).verifypeer() as i32 +// } else { +// ((*conn).ssl_config).verifypeer() as i32 +// }) != 0 +// { +// 0 as i32 +// } else { +// 1 as i32 +// }; +// if !(SSL_OptionSet(model, 9 as i32, ssl_no_cache) +// as i32 +// != SECSuccess as i32) +// { +// if !(nss_init_sslver(&mut sslver, data, conn) as u32 +// != CURLE_OK as i32 as u32) +// { +// if !(SSL_VersionRangeGetSupported( +// ssl_variant_stream, +// &mut sslver_supported, +// ) +// as i32 +// != SECSuccess as i32) +// { +// if (sslver_supported.max as i32) +// < sslver.max as i32 +// && sslver_supported.max as i32 +// >= sslver.min as i32 +// { +// let mut sslver_req_str: *mut libc::c_char = +// 0 as *mut libc::c_char; +// let mut sslver_supp_str: *mut libc::c_char = +// 0 as *mut libc::c_char; +// sslver_req_str = nss_sslver_to_name(sslver.max); +// sslver_supp_str = +// nss_sslver_to_name(sslver_supported.max); +// if !sslver_req_str.is_null() +// && !sslver_supp_str.is_null() +// { +// Curl_infof( +// data, +// b"Falling back from %s to max supported SSL version (%s)\0" +// as *const u8 as *const libc::c_char, +// sslver_req_str, +// sslver_supp_str, +// ); +// } +// Curl_cfree.expect("non-null function pointer")( +// sslver_req_str as *mut libc::c_void, +// ); +// Curl_cfree.expect("non-null function pointer")( +// sslver_supp_str as *mut libc::c_void, +// ); +// sslver.max = sslver_supported.max; +// } +// if !(SSL_VersionRangeSet(model, &mut sslver) +// as i32 +// != SECSuccess as i32) +// { +// ssl_cbc_random_iv = (if CURLPROXY_HTTPS +// as i32 +// as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 +// as u32 +// != (*conn).proxy_ssl[(if (*conn).sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// ((*data).set.proxy_ssl).enable_beast() +// as i32 +// } else { +// ((*data).set.ssl).enable_beast() as i32 +// } == 0) +// as i32; +// if SSL_OptionSet( +// model, +// 23 as i32, +// ssl_cbc_random_iv, +// ) +// as i32 +// != SECSuccess as i32 +// { +// Curl_infof( +// data, +// b"warning: failed to set SSL_CBC_RANDOM_IV = %d\0" +// as *const u8 as *const libc::c_char, +// ssl_cbc_random_iv, +// ); +// } +// if !if CURLPROXY_HTTPS as i32 +// as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 +// as u32 +// != (*conn).proxy_ssl[(if (*conn).sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// (*conn).proxy_ssl_config.cipher_list +// } else { +// (*conn).ssl_config.cipher_list +// } +// .is_null() +// { +// if set_ciphers( +// data, +// model, +// (if CURLPROXY_HTTPS as i32 +// as u32 +// == (*conn).http_proxy.proxytype +// as u32 +// && ssl_connection_complete +// as i32 +// as u32 +// != (*conn).proxy_ssl[(if (*conn) +// .sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// (*conn).proxy_ssl_config.cipher_list +// } else { +// (*conn).ssl_config.cipher_list +// }), +// ) +// as i32 +// != SECSuccess as i32 +// { +// result = CURLE_SSL_CIPHER; +// current_block = 8192695711153237833; +// } else { +// current_block = 12381812505308290051; +// } +// } else { +// current_block = 12381812505308290051; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if (if CURLPROXY_HTTPS as i32 +// as u32 +// == (*conn).http_proxy.proxytype +// as u32 +// && ssl_connection_complete +// as i32 +// as u32 +// != (*conn).proxy_ssl[(if (*conn) +// .sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// ((*conn).proxy_ssl_config).verifypeer() +// as i32 +// } else { +// ((*conn).ssl_config).verifypeer() +// as i32 +// }) == 0 +// && (if CURLPROXY_HTTPS as i32 +// as u32 +// == (*conn).http_proxy.proxytype +// as u32 +// && ssl_connection_complete +// as i32 +// as u32 +// != (*conn).proxy_ssl[(if (*conn) +// .sock +// [1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// ((*conn).proxy_ssl_config) +// .verifyhost() +// as i32 +// } else { +// ((*conn).ssl_config).verifyhost() +// as i32 +// }) != 0 +// { +// Curl_infof( +// data, +// b"warning: ignoring value of ssl.verifyhost\0" as *const u8 +// as *const libc::c_char, +// ); +// } +// if !(SSL_AuthCertificateHook( +// model, +// Some( +// nss_auth_cert_hook +// as unsafe extern "C" fn( +// *mut libc::c_void, +// *mut PRFileDesc, +// PRBool, +// PRBool, +// ) -> SECStatus, +// ), +// data as *mut libc::c_void, +// ) as i32 != SECSuccess as i32) +// { +// *if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// &mut (*data).set.proxy_ssl.certverifyresult +// } else { +// &mut (*data).set.ssl.certverifyresult +// } = 0 as i32 as i64; +// if !(SSL_BadCertHook( +// model, +// Some( +// BadCertHandler +// as unsafe extern "C" fn( +// *mut libc::c_void, +// *mut PRFileDesc, +// ) -> SECStatus, +// ), +// data as *mut libc::c_void, +// ) as i32 != SECSuccess as i32) +// { +// if !(SSL_HandshakeCallback( +// model, +// Some( +// HandshakeCallback +// as unsafe extern "C" fn( +// *mut PRFileDesc, +// *mut libc::c_void, +// ) -> (), +// ), +// data as *mut libc::c_void, +// ) as i32 != SECSuccess as i32) +// { +// let rv: CURLcode = nss_load_ca_certificates( +// data, +// conn, +// sockindex, +// ); +// if rv as u32 +// == CURLE_SSL_CACERT_BADFILE as i32 as u32 +// && (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// ((*conn).proxy_ssl_config).verifypeer() as i32 +// } else { +// ((*conn).ssl_config).verifypeer() as i32 +// }) == 0 +// { +// Curl_infof( +// data, +// b"warning: CA certificates failed to load\0" as *const u8 +// as *const libc::c_char, +// ); +// current_block = 6528285054092551010; +// } else if rv as u64 != 0 { +// result = rv; +// current_block = 8192695711153237833; +// } else { +// current_block = 6528285054092551010; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.CRLfile +// } else { +// (*data).set.ssl.CRLfile +// } +// .is_null() +// { +// let rv_0: CURLcode = nss_load_crl( +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.CRLfile +// } else { +// (*data).set.ssl.CRLfile +// }, +// ); +// if rv_0 as u64 != 0 { +// result = rv_0; +// current_block = 8192695711153237833; +// } else { +// Curl_infof( +// data, +// b" CRLfile: %s\0" as *const u8 as *const libc::c_char, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.CRLfile +// } else { +// (*data).set.ssl.CRLfile +// }, +// ); +// current_block = 14001958660280927786; +// } +// } else { +// current_block = 14001958660280927786; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.primary.clientcert +// } else { +// (*data).set.ssl.primary.clientcert +// } +// .is_null() +// { +// let mut nickname: *mut libc::c_char = dup_nickname( +// data, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.primary.clientcert +// } else { +// (*data).set.ssl.primary.clientcert +// }, +// ); +// if !nickname.is_null() { +// let ref mut fresh18 = (*backend).obj_clicert; +// *fresh18 = 0 as *mut PK11GenericObject; +// current_block = 7178192492338286402; +// } else { +// let mut rv_1: CURLcode = cert_stuff( +// data, +// conn, +// sockindex, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.primary.clientcert +// } else { +// (*data).set.ssl.primary.clientcert +// }, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.key +// } else { +// (*data).set.ssl.key +// }, +// ); +// if rv_1 as u64 != 0 { +// result = rv_1; +// current_block = 8192695711153237833; +// } else { +// current_block = 7178192492338286402; +// } +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// let ref mut fresh19 = (*backend).client_nickname; +// *fresh19 = nickname; +// current_block = 9437375157805982253; +// } +// } +// } else { +// let ref mut fresh20 = (*backend).client_nickname; +// *fresh20 = 0 as *mut libc::c_char; +// current_block = 9437375157805982253; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if SSL_GetClientAuthDataHook( +// model, +// Some( +// SelectClientCert +// as unsafe extern "C" fn( +// *mut libc::c_void, +// *mut PRFileDesc, +// *mut CERTDistNamesStr, +// *mut *mut CERTCertificateStr, +// *mut *mut SECKEYPrivateKeyStr, +// ) -> SECStatus, +// ), +// connssl as *mut libc::c_void, +// ) as i32 != SECSuccess as i32 +// { +// result = CURLE_SSL_CERTPROBLEM; +// } else { +// if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { +// nspr_io = (*(*conn).proxy_ssl[sockindex as usize].backend) +// handle; +// second_layer = 1 as i32 != 0; +// current_block = 10393716428851982524; +// } else { +// nspr_io = PR_ImportTCPSocket(sockfd); +// if nspr_io.is_null() { +// current_block = 8192695711153237833; +// } else { +// current_block = 10393716428851982524; +// } +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// nspr_io_stub = PR_CreateIOLayerStub( +// nspr_io_identity, +// &mut nspr_io_methods, +// ); +// if nspr_io_stub.is_null() { +// if !second_layer { +// PR_Close(nspr_io); +// } +// } else { +// let ref mut fresh21 = (*nspr_io_stub).secret; +// *fresh21 = connssl as *mut libc::c_void +// as *mut PRFilePrivate; +// if PR_PushIOLayer( +// nspr_io, +// -(2 as i32), +// nspr_io_stub, +// ) as i32 != PR_SUCCESS as i32 +// { +// if !second_layer { +// PR_Close(nspr_io); +// } +// PR_Close(nspr_io_stub); +// } else { +// let ref mut fresh22 = (*backend).handle; +// *fresh22 = SSL_ImportFD(model, nspr_io); +// if ((*backend).handle).is_null() { +// if !second_layer { +// PR_Close(nspr_io); +// } +// } else { +// PR_Close(model); +// model = 0 as *mut PRFileDesc; +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.key_passwd +// } else { +// (*data).set.ssl.key_passwd +// } +// .is_null() +// { +// SSL_SetPKCS11PinArg( +// (*backend).handle, +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.key_passwd +// } else { +// (*data).set.ssl.key_passwd +// }) as *mut libc::c_void, +// ); +// } +// if if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// ((*conn).proxy_ssl_config).verifystatus() as i32 +// } else { +// ((*conn).ssl_config).verifystatus() as i32 +// } != 0 +// { +// if SSL_OptionSet( +// (*backend).handle, +// 24 as i32, +// 1 as i32, +// ) as i32 != SECSuccess as i32 +// { +// current_block = 8192695711153237833; +// } else { +// current_block = 4983594971376015098; +// } +// } else { +// current_block = 4983594971376015098; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if !(SSL_OptionSet( +// (*backend).handle, +// 25 as i32, +// (if ((*conn).bits).tls_enable_npn() as i32 != 0 { +// 1 as i32 +// } else { +// 0 as i32 +// }), +// ) as i32 != SECSuccess as i32) +// { +// if !(SSL_OptionSet( +// (*backend).handle, +// 26 as i32, +// (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { +// 1 as i32 +// } else { +// 0 as i32 +// }), +// ) as i32 != SECSuccess as i32) +// { +// if ((*data).set.ssl).falsestart() != 0 { +// if SSL_OptionSet( +// (*backend).handle, +// 22 as i32, +// 1 as i32, +// ) as i32 != SECSuccess as i32 +// { +// current_block = 8192695711153237833; +// } else if SSL_SetCanFalseStartCallback( +// (*backend).handle, +// Some( +// CanFalseStartCallback +// as unsafe extern "C" fn( +// *mut PRFileDesc, +// *mut libc::c_void, +// *mut PRBool, +// ) -> SECStatus, +// ), +// data as *mut libc::c_void, +// ) as i32 != SECSuccess as i32 +// { +// current_block = 8192695711153237833; +// } else { +// current_block = 16375338222180917333; +// } +// } else { +// current_block = 16375338222180917333; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if ((*conn).bits).tls_enable_npn() as i32 != 0 +// || ((*conn).bits).tls_enable_alpn() as i32 != 0 +// { +// let mut cur: i32 = 0 as i32; +// let mut protocols: [u8; 128] = [0; 128]; +// if (*data).state.httpwant as i32 +// >= CURL_HTTP_VERSION_2_0 as i32 +// && (!(CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32) +// || ((*conn).bits).tunnel_proxy() == 0) +// { +// let fresh23 = cur; +// cur = cur + 1; +// protocols[fresh23 +// as usize] = 2 as i32 as u8; +// memcpy( +// &mut *protocols.as_mut_ptr().offset(cur as isize) +// as *mut u8 as *mut libc::c_void, +// b"h2\0" as *const u8 as *const libc::c_char +// as *const libc::c_void, +// 2 as i32 as u64, +// ); +// cur += 2 as i32; +// } +// let fresh24 = cur; +// cur = cur + 1; +// protocols[fresh24 +// as usize] = 8 as i32 as u8; +// memcpy( +// &mut *protocols.as_mut_ptr().offset(cur as isize) +// as *mut u8 as *mut libc::c_void, +// b"http/1.1\0" as *const u8 as *const libc::c_char +// as *const libc::c_void, +// 8 as i32 as u64, +// ); +// cur += 8 as i32; +// if SSL_SetNextProtoNego( +// (*backend).handle, +// protocols.as_mut_ptr(), +// cur as u32, +// ) as i32 != SECSuccess as i32 +// { +// current_block = 8192695711153237833; +// } else { +// current_block = 16910810822589621899; +// } +// } else { +// current_block = 16910810822589621899; +// } +// match current_block { +// 8192695711153237833 => {} +// _ => { +// if !(SSL_ResetHandshake((*backend).handle, 0 as i32) +// as i32 != SECSuccess as i32) +// { +// if !(SSL_SetURL( +// (*backend).handle, +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*conn).http_proxy.host.name +// } else { +// (*conn).host.name +// }), +// ) as i32 != SECSuccess as i32) +// { +// if !(SSL_SetSockPeerID( +// (*backend).handle, +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*conn).http_proxy.host.name +// } else { +// (*conn).host.name +// }), +// ) as i32 != SECSuccess as i32) +// { +// return CURLE_OK; +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// } +// if !model.is_null() { +// PR_Close(model); +// } +// return nss_fail_connect(connssl, data, result); +// } +extern "C" fn nss_setup_connect( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, +) -> CURLcode { + let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; + let mut nspr_io: *mut PRFileDesc = 0 as *mut PRFileDesc; + let mut nspr_io_stub: *mut PRFileDesc = 0 as *mut PRFileDesc; + let mut ssl_no_cache: PRBool = 0; + let mut ssl_cbc_random_iv: PRBool = 0; + let mut sockfd: curl_socket_t = unsafe { (*conn).sock[sockindex as usize] }; + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut result: CURLcode = CURLE_OK; + let mut second_layer: bool = 0 as i32 != 0; + let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; + let mut sslver: SSLVersionRange = { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + let mut init = SSLVersionRangeStr { + min: 0x301 as PRUint16, + max: 0x304 as PRUint16, + }; + #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + let mut init = SSLVersionRangeStr { + min: 0x301 as PRUint16, + max: 0x303 as PRUint16, + }; + #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + let mut init = SSLVersionRangeStr { + min: 0x301 as PRUint16, + max: 0x302 as PRUint16, + }; + #[cfg(all( + not(SSL_LIBRARY_VERSION_TLS_1_3), + not(SSL_LIBRARY_VERSION_TLS_1_2), + not(SSL_LIBRARY_VERSION_TLS_1_1) + ))] + let mut init = SSLVersionRangeStr { + min: 0x301 as PRUint16, + max: 0x301 as PRUint16, + }; + init + }; + unsafe { + (*backend).data = data; + /* list of all NSS objects we need to destroy in nss_do_close() */ + Curl_llist_init( + &mut (*backend).obj_list, + Some( + nss_destroy_object + as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), + ), + ); + PR_Lock(nss_initlock); + } + result = nss_setup(data); + // 创建一个循环 + // 循环开始 + 'error: loop { + if result as u64 != 0 { + unsafe { + PR_Unlock(nss_initlock); + } + break 'error; + } + unsafe { + PK11_SetPasswordFunc(Some( + nss_get_password + as unsafe extern "C" fn( + *mut PK11SlotInfo, + PRBool, + *mut libc::c_void, + ) -> *mut libc::c_char, + )); + } + result = unsafe { + nss_load_module( + &mut pem_module, + pem_library, + b"PEM\0" as *const u8 as *const libc::c_char, + ) + }; + unsafe { + PR_Unlock(nss_initlock); + } + if result as u32 == CURLE_FAILED_INIT as i32 as u32 { + unsafe { + Curl_infof( data, b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" as *const u8 as *const libc::c_char, pem_library, ); - } else if result as u64 != 0 { - break 'error; - } - result = CURLE_SSL_CONNECT_ERROR; - model = PR_NewTCPSocket(); - if model.is_null() { - break 'error; - } - model = SSL_ImportFD(0 as *mut PRFileDesc, model); - if SSL_OptionSet(model, 1 as i32, 1 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - if SSL_OptionSet(model, 6 as i32, 0 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - if SSL_OptionSet(model, 5 as i32, 1 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - #[cfg(not(CURL_DISABLE_PROXY))] - let ssl_no_cache_value = if (if CURLPROXY_HTTPS as i32 as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as i32 as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*data).set.proxy_ssl.primary).sessionid() as i32 - } else { - ((*data).set.ssl.primary).sessionid() as i32 - }) != 0 - && (if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifypeer() as i32 - } else { - ((*conn).ssl_config).verifypeer() as i32 - }) != 0 - { - 0 as i32 - } else { - 1 as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let ssl_no_cache_value = if ((*data).set.ssl.primary).sessionid() - as i32 != 0 - && ((*conn).ssl_config).verifypeer() as i32 != 0 - { - 0 as i32 - } else { - 1 as i32 - }; - - /* do not use SSL cache if disabled or we are not going to verify peer */ - ssl_no_cache = ssl_no_cache_value; - if SSL_OptionSet(model, 9 as i32, ssl_no_cache) as i32 - != SECSuccess as i32 - { - break 'error; - } - /* enable/disable the requested SSL version(s) */ - if nss_init_sslver(&mut sslver, data, conn) as u32 - != CURLE_OK as u32 - { - break 'error; - } - if SSL_VersionRangeGetSupported(ssl_variant_stream, &mut sslver_supported) as i32 - != SECSuccess as i32 - { - break 'error; - } - if (sslver_supported.max as i32) < sslver.max as i32 - && sslver_supported.max as i32 >= sslver.min as i32 - { - let mut sslver_req_str: *mut libc::c_char = 0 as *mut libc::c_char; - let mut sslver_supp_str: *mut libc::c_char = 0 as *mut libc::c_char; - sslver_req_str = nss_sslver_to_name(sslver.max); - sslver_supp_str = nss_sslver_to_name(sslver_supported.max); - if !sslver_req_str.is_null() && !sslver_supp_str.is_null() { - Curl_infof( - data, - b"Falling back from %s to max supported SSL version (%s)\0" as *const u8 - as *const libc::c_char, - sslver_req_str, - sslver_supp_str, - ); - } - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(sslver_req_str as *mut libc::c_void); - #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")(sslver_supp_str as *mut libc::c_void); - - #[cfg(CURLDEBUG)] - curl_dbg_free( - sslver_req_str as *mut libc::c_void, - 1935 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - #[cfg(CURLDEBUG)] - curl_dbg_free( - sslver_supp_str as *mut libc::c_void, - 1936 as libc::c_int, - b"vtls/nss.c\0" as *const u8 as *const libc::c_char, - ); - - sslver.max = sslver_supported.max; - } - if SSL_VersionRangeSet(model, &mut sslver) as i32 != SECSuccess as i32 { - break 'error; - } - #[cfg(not(CURL_DISABLE_PROXY))] - let ssl_cbc_random_iv_value = (if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*data).set.proxy_ssl).enable_beast() as i32 - } else { - ((*data).set.ssl).enable_beast() as i32 - } == 0) as i32; - #[cfg(CURL_DISABLE_PROXY)] - let ssl_cbc_random_iv_value = (((*data).set.ssl).enable_beast() == 0) - as i32; - ssl_cbc_random_iv = ssl_cbc_random_iv_value; - #[cfg(SSL_CBC_RANDOM_IV)] - /* unless the user explicitly asks to allow the protocol vulnerability, we - use the work-around */ - if SSL_OptionSet(model, 23 as i32, ssl_cbc_random_iv) as i32 - != SECSuccess as i32 - { - Curl_infof( - data, - b"warning: failed to set SSL_CBC_RANDOM_IV = %d\0" as *const u8 - as *const libc::c_char, - ssl_cbc_random_iv, - ); - } - - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_cipher_list = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as i32 as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.cipher_list - } else { - (*conn).ssl_config.cipher_list - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_cipher_list = (*conn).ssl_config.cipher_list; - if !SSL_CONN_CONFIG_cipher_list.is_null() - { - if set_ciphers( - data, - model, - SSL_CONN_CONFIG_cipher_list, - ) as i32 - != SECSuccess as i32 - { - result = CURLE_SSL_CIPHER; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); - break 'error; - } - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifypeer() as i32 - } else { - ((*conn).ssl_config).verifypeer() as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_verifypeer = ((*conn).ssl_config).verifypeer(); - - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifyhost = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifyhost() as i32 - } else { - ((*conn).ssl_config).verifyhost() as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_verifyhost = ((*conn).ssl_config).verifyhost(); - - - if (SSL_CONN_CONFIG_verifypeer) == 0 - && (SSL_CONN_CONFIG_verifyhost) != 0 - { - Curl_infof( - data, - b"warning: ignoring value of ssl.verifyhost\0" as *const u8 as *const libc::c_char, - ); - } - /* bypass the default SSL_AuthCertificate() hook in case we do not want to - * verify peer */ - if SSL_AuthCertificateHook( - model, - Some( - nss_auth_cert_hook - as unsafe extern "C" fn( - *mut libc::c_void, - *mut PRFileDesc, - PRBool, - PRBool, - ) -> SECStatus, - ), - data as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - #[cfg(not(CURL_DISABLE_PROXY))] - if true { - *if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - &mut (*data).set.proxy_ssl.certverifyresult - } else { - &mut (*data).set.ssl.certverifyresult - } = 0 as i64; - } - #[cfg(CURL_DISABLE_PROXY)] - if true { - (*data) - .set - .ssl - .certverifyresult = 0 as i64; - } - if SSL_BadCertHook( - model, - Some( - BadCertHandler - as unsafe extern "C" fn(*mut libc::c_void, *mut PRFileDesc) -> SECStatus, - ), - data as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - if SSL_HandshakeCallback( - model, - Some( - HandshakeCallback as unsafe extern "C" fn(*mut PRFileDesc, *mut libc::c_void) -> (), - ), - data as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - let rv: CURLcode = nss_load_ca_certificates(data, conn, sockindex); - if rv as u32 == CURLE_SSL_CACERT_BADFILE as u32 - && (SSL_CONN_CONFIG_verifypeer) == 0 - { - Curl_infof( - data, - b"warning: CA certificates failed to load\0" as *const u8 as *const libc::c_char, - ); - } else if rv as u64 != 0 { - result = rv; - break 'error; - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_CRLfile = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.CRLfile - } else { - (*data).set.ssl.CRLfile - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_CRLfile = (*data).set.ssl.CRLfile; - if !SSL_SET_OPTION_CRLfile.is_null() - { - let rv_0: CURLcode = nss_load_crl(SSL_SET_OPTION_CRLfile); - if rv_0 as u64 != 0 { - result = rv_0; - break 'error; - } - Curl_infof( - data, - b" CRLfile: %s\0" as *const u8 as *const libc::c_char, - SSL_SET_OPTION_CRLfile, - ); - } - - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_primary_clientcert = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.primary.clientcert - } else { - (*data).set.ssl.primary.clientcert - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_primary_clientcert = (*data).set.ssl.primary.clientcert; - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_key = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.key - } else { - (*data).set.ssl.key - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_key = (*data).set.ssl.key; - if ! SSL_SET_OPTION_primary_clientcert.is_null() - { - let mut nickname: *mut libc::c_char = dup_nickname( - data, - SSL_SET_OPTION_primary_clientcert, - ); - if !nickname.is_null() { - (*backend).obj_clicert = 0 as *mut PK11GenericObject; - } else { - let mut rv_1: CURLcode = cert_stuff( - data, - conn, - sockindex, - SSL_SET_OPTION_primary_clientcert, - SSL_SET_OPTION_key, - ); - if rv_1 as u64 != 0 { - result = rv_1; - break 'error; - } - } - (*backend).client_nickname = nickname; - } else { - (*backend).client_nickname = 0 as *mut libc::c_char; - } - #[cfg(not(CURL_DISABLE_PROXY))] - if SSL_GetClientAuthDataHook( - model, - Some( - SelectClientCert - as unsafe extern "C" fn( - *mut libc::c_void, - *mut PRFileDesc, - *mut CERTDistNamesStr, - *mut *mut CERTCertificateStr, - *mut *mut SECKEYPrivateKeyStr, - ) -> SECStatus, - ), - connssl as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - result = CURLE_SSL_CERTPROBLEM; - break 'error; - } - - #[cfg(not(CURL_DISABLE_PROXY))] - if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { - #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if ssl_connection_complete as libc::c_int as libc::c_uint - == (*conn).proxy_ssl[sockindex as usize].state - as libc::c_uint - {} else { - __assert_fail( + } + } else if result as u64 != 0 { + break 'error; + } + result = CURLE_SSL_CONNECT_ERROR; + model = unsafe { PR_NewTCPSocket() }; + if model.is_null() { + break 'error; + } + model = unsafe { SSL_ImportFD(0 as *mut PRFileDesc, model) }; + if unsafe { SSL_OptionSet(model, 1 as i32, 1 as i32) } as i32 != SECSuccess as i32 { + break 'error; + } + if unsafe { SSL_OptionSet(model, 6 as i32, 0 as i32) } as i32 != SECSuccess as i32 { + break 'error; + } + if unsafe { SSL_OptionSet(model, 5 as i32, 1 as i32) } as i32 != SECSuccess as i32 { + break 'error; + } + #[cfg(not(CURL_DISABLE_PROXY))] + let ssl_no_cache_value = if (if CURLPROXY_HTTPS as i32 as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as i32 as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { ((*data).set.proxy_ssl.primary).sessionid() as i32 } + } else { + unsafe { ((*data).set.ssl.primary).sessionid() as i32 } + }) != 0 + && (if CURLPROXY_HTTPS as u32 == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } + { + unsafe { ((*conn).proxy_ssl_config).verifypeer() as i32 } + } else { + unsafe { ((*conn).ssl_config).verifypeer() as i32 } + }) != 0 + { + 0 as i32 + } else { + 1 as i32 + }; + #[cfg(CURL_DISABLE_PROXY)] + let ssl_no_cache_value = if unsafe { + ((*data).set.ssl.primary).sessionid() as i32 != 0 + && ((*conn).ssl_config).verifypeer() as i32 != 0 + } { + 0 as i32 + } else { + 1 as i32 + }; + + /* do not use SSL cache if disabled or we are not going to verify peer */ + ssl_no_cache = ssl_no_cache_value; + if unsafe { SSL_OptionSet(model, 9 as i32, ssl_no_cache) as i32 != SECSuccess as i32 } { + break 'error; + } + /* enable/disable the requested SSL version(s) */ + if nss_init_sslver(&mut sslver, data, conn) as u32 != CURLE_OK as u32 { + break 'error; + } + if unsafe { SSL_VersionRangeGetSupported(ssl_variant_stream, &mut sslver_supported) as i32 } + != SECSuccess as i32 + { + break 'error; + } + if (sslver_supported.max as i32) < sslver.max as i32 + && sslver_supported.max as i32 >= sslver.min as i32 + { + let mut sslver_req_str: *mut libc::c_char = 0 as *mut libc::c_char; + let mut sslver_supp_str: *mut libc::c_char = 0 as *mut libc::c_char; + sslver_req_str = nss_sslver_to_name(sslver.max); + sslver_supp_str = nss_sslver_to_name(sslver_supported.max); + if !sslver_req_str.is_null() && !sslver_supp_str.is_null() { + unsafe { + Curl_infof( + data, + b"Falling back from %s to max supported SSL version (%s)\0" as *const u8 + as *const libc::c_char, + sslver_req_str, + sslver_supp_str, + ); + } + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")(sslver_req_str as *mut libc::c_void); + } + #[cfg(not(CURLDEBUG))] + unsafe { + Curl_cfree.expect("non-null function pointer")( + sslver_supp_str as *mut libc::c_void, + ); + } + + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + sslver_req_str as *mut libc::c_void, + 1935 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(CURLDEBUG)] + unsafe { + curl_dbg_free( + sslver_supp_str as *mut libc::c_void, + 1936 as libc::c_int, + b"vtls/nss.c\0" as *const u8 as *const libc::c_char, + ); + } + + sslver.max = sslver_supported.max; + } + if unsafe { SSL_VersionRangeSet(model, &mut sslver) as i32 != SECSuccess as i32 } { + break 'error; + } + #[cfg(not(CURL_DISABLE_PROXY))] + let ssl_cbc_random_iv_value = (if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { ((*data).set.proxy_ssl).enable_beast() as i32 } + } else { + unsafe { ((*data).set.ssl).enable_beast() as i32 } + } == 0) as i32; + #[cfg(CURL_DISABLE_PROXY)] + let ssl_cbc_random_iv_value = unsafe { (((*data).set.ssl).enable_beast() == 0) as i32 }; + ssl_cbc_random_iv = ssl_cbc_random_iv_value; + #[cfg(SSL_CBC_RANDOM_IV)] + /* unless the user explicitly asks to allow the protocol vulnerability, we + use the work-around */ + if unsafe { SSL_OptionSet(model, 23 as i32, ssl_cbc_random_iv) as i32 != SECSuccess as i32 } + { + unsafe { + Curl_infof( + data, + b"warning: failed to set SSL_CBC_RANDOM_IV = %d\0" as *const u8 + as *const libc::c_char, + ssl_cbc_random_iv, + ); + } + } + + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_cipher_list = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as i32 as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*conn).proxy_ssl_config.cipher_list } + } else { + unsafe { (*conn).ssl_config.cipher_list } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_cipher_list = unsafe { (*conn).ssl_config.cipher_list }; + if !SSL_CONN_CONFIG_cipher_list.is_null() { + if set_ciphers(data, model, SSL_CONN_CONFIG_cipher_list) as i32 != SECSuccess as i32 { + result = CURLE_SSL_CIPHER; + // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); + break 'error; + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { ((*conn).proxy_ssl_config).verifypeer() as i32 } + } else { + unsafe { ((*conn).ssl_config).verifypeer() as i32 } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_verifypeer = unsafe { ((*conn).ssl_config).verifypeer() }; + + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifyhost = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { ((*conn).proxy_ssl_config).verifyhost() as i32 } + } else { + unsafe { ((*conn).ssl_config).verifyhost() as i32 } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_verifyhost = unsafe { ((*conn).ssl_config).verifyhost() }; + + if (SSL_CONN_CONFIG_verifypeer) == 0 && (SSL_CONN_CONFIG_verifyhost) != 0 { + unsafe { + Curl_infof( + data, + b"warning: ignoring value of ssl.verifyhost\0" as *const u8 + as *const libc::c_char, + ); + } + } + /* bypass the default SSL_AuthCertificate() hook in case we do not want to + * verify peer */ + if unsafe { + SSL_AuthCertificateHook( + model, + Some( + nss_auth_cert_hook + as unsafe extern "C" fn( + *mut libc::c_void, + *mut PRFileDesc, + PRBool, + PRBool, + ) -> SECStatus, + ), + data as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + #[cfg(not(CURL_DISABLE_PROXY))] + if true { + *if CURLPROXY_HTTPS as u32 == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } + { + unsafe { &mut (*data).set.proxy_ssl.certverifyresult } + } else { + unsafe { &mut (*data).set.ssl.certverifyresult } + } = 0 as i64; + } + #[cfg(CURL_DISABLE_PROXY)] + if true { + unsafe { + (*data).set.ssl.certverifyresult = 0 as i64; + } + } + if unsafe { + SSL_BadCertHook( + model, + Some( + BadCertHandler + as unsafe extern "C" fn(*mut libc::c_void, *mut PRFileDesc) -> SECStatus, + ), + data as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + if unsafe { + SSL_HandshakeCallback( + model, + Some( + HandshakeCallback + as unsafe extern "C" fn(*mut PRFileDesc, *mut libc::c_void) -> (), + ), + data as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + let rv: CURLcode = nss_load_ca_certificates(data, conn, sockindex); + if rv as u32 == CURLE_SSL_CACERT_BADFILE as u32 && (SSL_CONN_CONFIG_verifypeer) == 0 { + unsafe { + Curl_infof( + data, + b"warning: CA certificates failed to load\0" as *const u8 + as *const libc::c_char, + ); + } + } else if rv as u64 != 0 { + result = rv; + break 'error; + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_CRLfile = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.proxy_ssl.CRLfile } + } else { + unsafe { (*data).set.ssl.CRLfile } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_CRLfile = unsafe { (*data).set.ssl.CRLfile }; + if !SSL_SET_OPTION_CRLfile.is_null() { + let rv_0: CURLcode = nss_load_crl(SSL_SET_OPTION_CRLfile); + if rv_0 as u64 != 0 { + result = rv_0; + break 'error; + } + unsafe { + Curl_infof( + data, + b" CRLfile: %s\0" as *const u8 as *const libc::c_char, + SSL_SET_OPTION_CRLfile, + ); + } + } + + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_primary_clientcert = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.proxy_ssl.primary.clientcert } + } else { + unsafe { (*data).set.ssl.primary.clientcert } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_primary_clientcert = unsafe { (*data).set.ssl.primary.clientcert }; + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_key = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.proxy_ssl.key } + } else { + unsafe { (*data).set.ssl.key } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_key = unsafe { (*data).set.ssl.key }; + if !SSL_SET_OPTION_primary_clientcert.is_null() { + let mut nickname: *mut libc::c_char = + dup_nickname(data, SSL_SET_OPTION_primary_clientcert); + if !nickname.is_null() { + unsafe { + (*backend).obj_clicert = 0 as *mut PK11GenericObject; + } + } else { + let mut rv_1: CURLcode = cert_stuff( + data, + conn, + sockindex, + SSL_SET_OPTION_primary_clientcert, + SSL_SET_OPTION_key, + ); + if rv_1 as u64 != 0 { + result = rv_1; + break 'error; + } + } + unsafe { + (*backend).client_nickname = nickname; + } + } else { + unsafe { + (*backend).client_nickname = 0 as *mut libc::c_char; + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + if unsafe { + SSL_GetClientAuthDataHook( + model, + Some( + SelectClientCert + as unsafe extern "C" fn( + *mut libc::c_void, + *mut PRFileDesc, + *mut CERTDistNamesStr, + *mut *mut CERTCertificateStr, + *mut *mut SECKEYPrivateKeyStr, + ) -> SECStatus, + ), + connssl as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + result = CURLE_SSL_CERTPROBLEM; + break 'error; + } + + #[cfg(not(CURL_DISABLE_PROXY))] + if unsafe { ((*conn).proxy_ssl[sockindex as usize]).use_0() } != 0 { + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ssl_connection_complete as libc::c_int as libc::c_uint + == unsafe { (*conn).proxy_ssl[sockindex as usize].state as libc::c_uint } + { + } else { + unsafe { + __assert_fail( b"ssl_connection_complete == conn->proxy_ssl[sockindex].state\0" as *const u8 as *const libc::c_char, b"vtls/nss.c\0" as *const u8 as *const libc::c_char, @@ -5136,13 +5072,13 @@ )) .as_ptr(), ); - } - #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if !((*(*conn).proxy_ssl[sockindex as usize].backend) - .handle) - .is_null() - {} else { - __assert_fail( + } + } + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if unsafe { !((*(*conn).proxy_ssl[sockindex as usize].backend).handle).is_null() } { + } else { + unsafe { + __assert_fail( b"conn->proxy_ssl[sockindex].backend->handle != ((void*)0)\0" as *const u8 as *const libc::c_char, b"vtls/nss.c\0" as *const u8 as *const libc::c_char, @@ -5155,943 +5091,933 @@ )) .as_ptr(), ); - } - nspr_io = (*(*conn).proxy_ssl[sockindex as usize].backend).nss_handle; - second_layer = 1 as i32 != 0; - } else { - nspr_io = PR_ImportTCPSocket(sockfd); - if nspr_io.is_null() { - break 'error; - } - } - - #[cfg(CURL_DISABLE_PROXY)] - if SSL_GetClientAuthDataHook( - model, - Some( - SelectClientCert - as unsafe extern "C" fn( - *mut libc::c_void, - *mut PRFileDesc, - *mut CERTDistNamesStr, - *mut *mut CERTCertificateStr, - *mut *mut SECKEYPrivateKeyStr, - ) -> SECStatus, - ), - connssl as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - result = CURLE_SSL_CERTPROBLEM; - break 'error; - }else { - nspr_io = PR_ImportTCPSocket(sockfd); - if nspr_io.is_null() { - break 'error; - } - } - - - nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &mut nspr_io_methods); - if nspr_io_stub.is_null() { - if !second_layer { - PR_Close(nspr_io); - } - break 'error; - } - (*nspr_io_stub).secret = connssl as *mut libc::c_void as *mut PRFilePrivate; - if PR_PushIOLayer(nspr_io, -(2 as i32), nspr_io_stub) as i32 - != PR_SUCCESS as i32 - { - if !second_layer { - PR_Close(nspr_io); - } - PR_Close(nspr_io_stub); - break 'error; - } - (*backend).nss_handle = SSL_ImportFD(model, nspr_io); - if ((*backend).nss_handle).is_null() { - if !second_layer { - PR_Close(nspr_io); - } - break 'error; - } - PR_Close(model); - model = 0 as *mut PRFileDesc; - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_key_passwd = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.key_passwd - } else { - (*data).set.ssl.key_passwd - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_key_passwd = (*data).set.ssl.key_passwd; - if !SSL_SET_OPTION_key_passwd.is_null() - { - SSL_SetPKCS11PinArg( - (*backend).nss_handle, - SSL_SET_OPTION_key_passwd as *mut libc::c_void, - ); - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - ((*conn).proxy_ssl_config).verifystatus() as i32 - } else { - ((*conn).ssl_config).verifystatus() as i32 - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_verifystatus = ((*conn).ssl_config).verifystatus(); - #[cfg(SSL_ENABLE_OCSP_STAPLING)] - if SSL_CONN_CONFIG_verifystatus != 0 - { - if SSL_OptionSet((*backend).nss_handle, 24 as i32, 1 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - } - #[cfg(SSL_ENABLE_NPN)] - if SSL_OptionSet( - (*backend).nss_handle, - 25 as i32, - (if ((*conn).bits).tls_enable_npn() as i32 != 0 { - 1 as i32 - } else { - 0 as i32 - }), - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - #[cfg(SSL_ENABLE_ALPN)] - if SSL_OptionSet( - (*backend).nss_handle, - 26 as i32, - (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { - 1 as i32 - } else { - 0 as i32 - }), - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - if ((*data).set.ssl).falsestart() != 0 { - if SSL_OptionSet((*backend).nss_handle, 22 as i32, 1 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - if SSL_SetCanFalseStartCallback( - (*backend).nss_handle, - Some( - CanFalseStartCallback - as unsafe extern "C" fn( - *mut PRFileDesc, - *mut libc::c_void, - *mut PRBool, - ) -> SECStatus, - ), - data as *mut libc::c_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - } - #[cfg(any(SSL_ENABLE_NPN, SSL_ENABLE_ALPN))] - if ((*conn).bits).tls_enable_npn() as i32 != 0 - || ((*conn).bits).tls_enable_alpn() as i32 != 0 - { - let mut cur: i32 = 0 as i32; - let mut protocols: [u8; 128] = [0; 128]; - #[cfg(USE_HTTP2)] - if true{ - #[cfg(not(CURL_DISABLE_PROXY))] - let CURL_DISABLE_PROXY_1 = (!(CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32) - || ((*conn).bits).tunnel_proxy() == 0); - #[cfg(CURL_DISABLE_PROXY)] - let CURL_DISABLE_PROXY_1 = true; - if (*data).state.httpwant as i32 >= CURL_HTTP_VERSION_2_0 as i32 - && CURL_DISABLE_PROXY_1 - { - cur = cur + 1; - protocols[cur as usize] = 2 as u8; - memcpy( - &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 - as *mut libc::c_void, - b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, - 2 as u64, - ); - cur += 2 as i32; - } - } - cur = cur + 1; - protocols[cur as usize] = 8 as u8; - memcpy( - &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 - as *mut libc::c_void, - b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, - 8 as u64, - ); - cur += 8 as i32; - if SSL_SetNextProtoNego( - (*backend).nss_handle, - protocols.as_mut_ptr(), - cur as u32, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - } - if SSL_ResetHandshake((*backend).nss_handle, 0 as i32) as i32 - != SECSuccess as i32 - { - break 'error; - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_HOST_NAME_void = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).http_proxy.host.name - } else { - (*conn).host.name - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_HOST_NAME_void = (*conn).host.name; - if SSL_SetURL( - (*backend).nss_handle, - SSL_HOST_NAME_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - if SSL_SetSockPeerID( - (*backend).nss_handle, - SSL_HOST_NAME_void, - ) as i32 - != SECSuccess as i32 - { - break 'error; - } - return CURLE_OK; - } - // 循环结束 - if !model.is_null() { - PR_Close(model); - } - return nss_fail_connect(connssl, data, result); - } - } - - // unsafe extern "C" fn nss_do_connect( - // mut data: *mut Curl_easy, - // mut conn: *mut connectdata, - // mut sockindex: i32, - // ) -> CURLcode { - // let mut current_block: u64; - // let mut connssl: *mut ssl_connect_data = - // &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - // let mut backend: *mut ssl_backend_data = (*connssl).backend; - // let mut result: CURLcode = CURLE_SSL_CONNECT_ERROR; - // let mut timeout: PRUint32 = 0; - // let time_left: timediff_t = Curl_timeleft(data, 0 as *mut curltime, 1 as i32 != 0); - // if time_left < 0 as i32 as i64 { - // Curl_failf( - // data, - // b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, - // ); - // result = CURLE_OPERATION_TIMEDOUT; - // } else { - // timeout = PR_MillisecondsToInterval(time_left as PRUint32); - // if SSL_ForceHandshakeWithTimeout((*backend).handle, timeout) as i32 - // != SECSuccess as i32 - // { - // if PR_GetError() as i64 == -(5998 as i64) { - // return CURLE_AGAIN; - // } else { - // if (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.certverifyresult - // } else { - // (*data).set.ssl.certverifyresult - // }) == SSL_ERROR_BAD_CERT_DOMAIN as i32 as i64 - // { - // result = CURLE_PEER_FAILED_VERIFICATION; - // } else if (if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*data).set.proxy_ssl.certverifyresult - // } else { - // (*data).set.ssl.certverifyresult - // }) != 0 as i32 as i64 - // { - // result = CURLE_PEER_FAILED_VERIFICATION; - // } - // } - // } else { - // result = display_conn_info(data, (*backend).handle); - // if !(result as u64 != 0) { - // if !if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*conn).proxy_ssl_config.issuercert - // } else { - // (*conn).ssl_config.issuercert - // } - // .is_null() - // { - // let mut ret: SECStatus = SECFailure; - // let mut nickname: *mut libc::c_char = dup_nickname( - // data, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) as usize] - // .state as u32 - // { - // (*conn).proxy_ssl_config.issuercert - // } else { - // (*conn).ssl_config.issuercert - // }, - // ); - // if !nickname.is_null() { - // ret = check_issuer_cert((*backend).handle, nickname); - // Curl_cfree.expect("non-null function pointer")( - // nickname as *mut libc::c_void, - // ); - // } - // if SECFailure as i32 == ret as i32 { - // Curl_infof( - // data, - // b"SSL certificate issuer check failed\0" as *const u8 - // as *const libc::c_char, - // ); - // result = CURLE_SSL_ISSUER_ERROR; - // current_block = 8268984542875525005; - // } else { - // Curl_infof( - // data, - // b"SSL certificate issuer check ok\0" as *const u8 - // as *const libc::c_char, - // ); - // current_block = 15925075030174552612; - // } - // } else { - // current_block = 15925075030174552612; - // } - // match current_block { - // 8268984542875525005 => {} - // _ => { - // result = cmp_peer_pubkey( - // connssl, - // if CURLPROXY_HTTPS as i32 as u32 - // == (*conn).http_proxy.proxytype as u32 - // && ssl_connection_complete as i32 as u32 - // != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] - // == -(1 as i32) - // { - // 0 as i32 - // } else { - // 1 as i32 - // }) - // as usize] - // .state - // as u32 - // { - // (*data).set.str_0 - // [STRING_SSL_PINNEDPUBLICKEY_PROXY as i32 as usize] - // } else { - // (*data).set.str_0 - // [STRING_SSL_PINNEDPUBLICKEY as i32 as usize] - // }, - // ); - // if !(result as u64 != 0) { - // return CURLE_OK; - // } - // } - // } - // } - // } - // } - // return nss_fail_connect(connssl, data, result); - // } - extern "C" fn nss_do_connect( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - ) -> CURLcode { - unsafe{ - let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl) - .as_mut_ptr() - .offset(sockindex as isize) as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut result: CURLcode = CURLE_SSL_CONNECT_ERROR; - let mut timeout: PRUint32 = 0; - let time_left: timediff_t = Curl_timeleft( - data, - 0 as *mut curltime, - 1 as i32 != 0, - ); - 'error: loop { - if time_left < 0 as i64 { - Curl_failf( - data, - b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, - ); - result = CURLE_OPERATION_TIMEDOUT; - break 'error; - } - timeout = PR_MillisecondsToInterval(time_left as PRUint32); - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_certverifyresult = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.proxy_ssl.certverifyresult - } else { - (*data).set.ssl.certverifyresult - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_SET_OPTION_certverifyresult = (*data).set.ssl.certverifyresult; - if SSL_ForceHandshakeWithTimeout((*backend).nss_handle, timeout) as i32 - != SECSuccess as i32 - { - if PR_GetError() as i64 == -(5998 as i64) { - return CURLE_AGAIN - } else { - if SSL_SET_OPTION_certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN as i64 - { - result = CURLE_PEER_FAILED_VERIFICATION; - } else if SSL_SET_OPTION_certverifyresult != 0 as i64 - { - result = CURLE_PEER_FAILED_VERIFICATION; - } - } - break 'error; - } - result = display_conn_info(data, (*backend).nss_handle); - if result as u64 != 0 { - break 'error; - } - - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_issuercert = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*conn).proxy_ssl_config.issuercert - } else { - (*conn).ssl_config.issuercert - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_CONN_CONFIG_issuercert = (*conn).ssl_config.issuercert; - if !SSL_CONN_CONFIG_issuercert.is_null() - { - let mut ret: SECStatus = SECFailure; - let mut nickname: *mut libc::c_char = dup_nickname( - data, - SSL_CONN_CONFIG_issuercert, - ); - if !nickname.is_null() { - ret = check_issuer_cert((*backend).nss_handle, nickname); - Curl_cfree - .expect("non-null function pointer")(nickname as *mut libc::c_void); - } - if SECFailure as i32 == ret as i32 { - Curl_infof( - data, - b"SSL certificate issuer check failed\0" as *const u8 - as *const libc::c_char, - ); - result = CURLE_SSL_ISSUER_ERROR; - break 'error; - } else { - Curl_infof( - data, - b"SSL certificate issuer check ok\0" as *const u8 as *const libc::c_char, - ); - } - } - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_PINNED_PUB_KEY_void = if CURLPROXY_HTTPS as u32 - == (*conn).http_proxy.proxytype as u32 - && ssl_connection_complete as u32 - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as usize] - == -(1 as i32) - { - 0 as i32 - } else { - 1 as i32 - }) as usize] - .state as u32 - { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as usize] - } else { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as usize] - }; - #[cfg(CURL_DISABLE_PROXY)] - let SSL_PINNED_PUB_KEY_void = (*data) - .set - .str_0[STRING_SSL_PINNEDPUBLICKEY as usize]; - result = cmp_peer_pubkey( - connssl, - SSL_PINNED_PUB_KEY_void, - ); - if result as u64 != 0 { - break 'error; - } - return CURLE_OK; - } - return nss_fail_connect(connssl, data, result); - } - } - extern "C" fn nss_connect_common( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - mut done: *mut bool, - ) -> CURLcode { - unsafe{ - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - let blocking: bool = done.is_null(); - let mut result: CURLcode = CURLE_OK; - if (*connssl).state as u32 == ssl_connection_complete as u32 { - if !blocking { - *done = 1 as i32 != 0; - } - return CURLE_OK; - } - /* ssl_connect_done is never used outside, go back to the initial state */ - if (*connssl).connecting_state as u32 == ssl_connect_1 as u32 { - result = nss_setup_connect(data, conn, sockindex); - if result as u64 != 0 { - return result; - } - (*connssl).connecting_state = ssl_connect_2; - } - result = nss_set_blocking(connssl, data, blocking); - if result as u64 != 0 { - return result; - } - result = nss_do_connect(data, conn, sockindex); - 's_96: { - match result as u32 { - 0 => { - break 's_96; - } - 81 => { - if !blocking { - return CURLE_OK; - } - } - _ => {} - } - return result; - } - if blocking { - result = nss_set_blocking(connssl, data, 0 as i32 != 0); - if result as u64 != 0 { - return result; - } - } else { - *done = 1 as i32 != 0; - } - (*connssl).state = ssl_connection_complete; - (*conn).recv[sockindex as usize] = Some(nss_recv as Curl_recv); - (*conn).send[sockindex as usize] = Some(nss_send as Curl_send); - (*connssl).connecting_state = ssl_connect_1; - return CURLE_OK; - } - } - extern "C" fn nss_connect( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - ) -> CURLcode { - unsafe{ - return nss_connect_common(data, conn, sockindex, 0 as *mut bool); - } - } - extern "C" fn nss_connect_nonblocking( - mut data: *mut Curl_easy, - mut conn: *mut connectdata, - mut sockindex: i32, - mut done: *mut bool, - ) -> CURLcode { - unsafe{ - return nss_connect_common(data, conn, sockindex, done); - } - } - - extern "C" fn nss_send( - mut data: *mut Curl_easy, - mut sockindex: i32, - mut mem: *const libc::c_void, - mut len: size_t, - mut curlcode: *mut CURLcode, - ) -> ssize_t { - unsafe{ - let mut conn: *mut connectdata = (*data).conn; - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut rc: ssize_t = 0; - (*backend).data = data; - rc = PR_Send( - (*backend).nss_handle, - mem, - len as i32, - 0 as i32, - 0 as PRIntervalTime, - ) as ssize_t;/* The SelectClientCert() hook uses this for infof() and failf() but the - handle stored in nss_setup_connect() could have already been freed. */ - if rc < 0 as i64 { - let mut err: PRInt32 = PR_GetError(); - if err as i64 == -(5998 as i64) { - *curlcode = CURLE_AGAIN; - } else { - /* print the error number and error string */ - let mut err_name: *const libc::c_char = nss_error_to_name(err); - Curl_infof( - data, - b"SSL write: error %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - );/* print a human-readable message describing the error if available */ - nss_print_error_message(data, err as PRUint32); - *curlcode = (if is_cc_error(err) as i32 != 0 { - CURLE_SSL_CERTPROBLEM as i32 - } else { - CURLE_SEND_ERROR as i32 - }) as CURLcode; - } - return -(1 as i32) as ssize_t; - } - return rc;/* number of bytes */ - } - } - extern "C" fn nss_recv( - mut data: *mut Curl_easy, /* transfer */ - mut sockindex: i32,/* socketindex */ - mut buf: *mut libc::c_char, /* store read data here */ - mut buffersize: size_t, /* max amount to read */ - mut curlcode: *mut CURLcode, - ) -> ssize_t { - unsafe{ - let mut conn: *mut connectdata = (*data).conn; - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut nread: ssize_t = 0; - (*backend).data = data; - /* The SelectClientCert() hook uses this for infof() and failf() but the + } + } + nspr_io = unsafe { (*(*conn).proxy_ssl[sockindex as usize].backend).nss_handle }; + second_layer = 1 as i32 != 0; + } else { + nspr_io = unsafe { PR_ImportTCPSocket(sockfd) }; + if nspr_io.is_null() { + break 'error; + } + } + + #[cfg(CURL_DISABLE_PROXY)] + if unsafe { + SSL_GetClientAuthDataHook( + model, + Some( + SelectClientCert + as unsafe extern "C" fn( + *mut libc::c_void, + *mut PRFileDesc, + *mut CERTDistNamesStr, + *mut *mut CERTCertificateStr, + *mut *mut SECKEYPrivateKeyStr, + ) -> SECStatus, + ), + connssl as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + result = CURLE_SSL_CERTPROBLEM; + break 'error; + } else { + nspr_io = unsafe { PR_ImportTCPSocket(sockfd) }; + if nspr_io.is_null() { + break 'error; + } + } + + nspr_io_stub = unsafe { PR_CreateIOLayerStub(nspr_io_identity, &mut nspr_io_methods) }; + if nspr_io_stub.is_null() { + if !second_layer { + unsafe { + PR_Close(nspr_io); + } + } + break 'error; + } + unsafe { + (*nspr_io_stub).secret = connssl as *mut libc::c_void as *mut PRFilePrivate; + } + if unsafe { PR_PushIOLayer(nspr_io, -(2 as i32), nspr_io_stub) as i32 != PR_SUCCESS as i32 } + { + if !second_layer { + unsafe { + PR_Close(nspr_io); + } + } + unsafe { + PR_Close(nspr_io_stub); + } + break 'error; + } + unsafe { + (*backend).nss_handle = SSL_ImportFD(model, nspr_io); + } + if unsafe { ((*backend).nss_handle).is_null() } { + if !second_layer { + unsafe { + PR_Close(nspr_io); + } + } + break 'error; + } + unsafe { + PR_Close(model); + } + model = 0 as *mut PRFileDesc; + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_key_passwd = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.proxy_ssl.key_passwd } + } else { + unsafe { (*data).set.ssl.key_passwd } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_key_passwd = (*data).set.ssl.key_passwd; + if !SSL_SET_OPTION_key_passwd.is_null() { + unsafe { + SSL_SetPKCS11PinArg( + (*backend).nss_handle, + SSL_SET_OPTION_key_passwd as *mut libc::c_void, + ); + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { ((*conn).proxy_ssl_config).verifystatus() as i32 } + } else { + unsafe { ((*conn).ssl_config).verifystatus() as i32 } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_verifystatus = unsafe { ((*conn).ssl_config).verifystatus() }; + #[cfg(SSL_ENABLE_OCSP_STAPLING)] + if SSL_CONN_CONFIG_verifystatus != 0 { + if unsafe { + SSL_OptionSet((*backend).nss_handle, 24 as i32, 1 as i32) as i32 + != SECSuccess as i32 + } { + break 'error; + } + } + #[cfg(SSL_ENABLE_NPN)] + if unsafe { + SSL_OptionSet( + (*backend).nss_handle, + 25 as i32, + (if ((*conn).bits).tls_enable_npn() as i32 != 0 { + 1 as i32 + } else { + 0 as i32 + }), + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + #[cfg(SSL_ENABLE_ALPN)] + if unsafe { + SSL_OptionSet( + (*backend).nss_handle, + 26 as i32, + (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { + 1 as i32 + } else { + 0 as i32 + }), + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + if unsafe { ((*data).set.ssl).falsestart() } != 0 { + if unsafe { SSL_OptionSet((*backend).nss_handle, 22 as i32, 1 as i32) } as i32 + != SECSuccess as i32 + { + break 'error; + } + if unsafe { + SSL_SetCanFalseStartCallback( + (*backend).nss_handle, + Some( + CanFalseStartCallback + as unsafe extern "C" fn( + *mut PRFileDesc, + *mut libc::c_void, + *mut PRBool, + ) -> SECStatus, + ), + data as *mut libc::c_void, + ) + } as i32 + != SECSuccess as i32 + { + break 'error; + } + } + #[cfg(any(SSL_ENABLE_NPN, SSL_ENABLE_ALPN))] + if unsafe { + ((*conn).bits).tls_enable_npn() as i32 != 0 + || ((*conn).bits).tls_enable_alpn() as i32 != 0 + } { + let mut cur: i32 = 0 as i32; + let mut protocols: [u8; 128] = [0; 128]; + #[cfg(USE_HTTP2)] + if true { + #[cfg(not(CURL_DISABLE_PROXY))] + let CURL_DISABLE_PROXY_1 = unsafe { + (!(CURLPROXY_HTTPS as u32 == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32) + || ((*conn).bits).tunnel_proxy() == 0) + }; + #[cfg(CURL_DISABLE_PROXY)] + let CURL_DISABLE_PROXY_1 = true; + unsafe { + if (*data).state.httpwant as i32 >= CURL_HTTP_VERSION_2_0 as i32 + && CURL_DISABLE_PROXY_1 + { + cur = cur + 1; + protocols[cur as usize] = 2 as u8; + memcpy( + &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 + as *mut libc::c_void, + b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, + 2 as u64, + ); + cur += 2 as i32; + } + } + } + cur = cur + 1; + protocols[cur as usize] = 8 as u8; + unsafe { + memcpy( + &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 + as *mut libc::c_void, + b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, + 8 as u64, + ); + } + cur += 8 as i32; + if unsafe { + SSL_SetNextProtoNego((*backend).nss_handle, protocols.as_mut_ptr(), cur as u32) + as i32 + != SECSuccess as i32 + } { + break 'error; + } + } + if unsafe { + SSL_ResetHandshake((*backend).nss_handle, 0 as i32) as i32 != SECSuccess as i32 + } { + break 'error; + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_HOST_NAME_void = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*conn).http_proxy.host.name } + } else { + unsafe { (*conn).host.name } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_HOST_NAME_void = unsafe { (*conn).host.name }; + if unsafe { + SSL_SetURL((*backend).nss_handle, SSL_HOST_NAME_void) as i32 != SECSuccess as i32 + } { + break 'error; + } + if unsafe { + SSL_SetSockPeerID((*backend).nss_handle, SSL_HOST_NAME_void) as i32 != SECSuccess as i32 + } { + break 'error; + } + return CURLE_OK; + } + // 循环结束 + if !model.is_null() { + unsafe { + PR_Close(model); + } + } + return nss_fail_connect(connssl, data, result); +} + +// unsafe extern "C" fn nss_do_connect( +// mut data: *mut Curl_easy, +// mut conn: *mut connectdata, +// mut sockindex: i32, +// ) -> CURLcode { +// let mut current_block: u64; +// let mut connssl: *mut ssl_connect_data = +// &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; +// let mut backend: *mut ssl_backend_data = (*connssl).backend; +// let mut result: CURLcode = CURLE_SSL_CONNECT_ERROR; +// let mut timeout: PRUint32 = 0; +// let time_left: timediff_t = Curl_timeleft(data, 0 as *mut curltime, 1 as i32 != 0); +// if time_left < 0 as i32 as i64 { +// Curl_failf( +// data, +// b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, +// ); +// result = CURLE_OPERATION_TIMEDOUT; +// } else { +// timeout = PR_MillisecondsToInterval(time_left as PRUint32); +// if SSL_ForceHandshakeWithTimeout((*backend).handle, timeout) as i32 +// != SECSuccess as i32 +// { +// if PR_GetError() as i64 == -(5998 as i64) { +// return CURLE_AGAIN; +// } else { +// if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.certverifyresult +// } else { +// (*data).set.ssl.certverifyresult +// }) == SSL_ERROR_BAD_CERT_DOMAIN as i32 as i64 +// { +// result = CURLE_PEER_FAILED_VERIFICATION; +// } else if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*data).set.proxy_ssl.certverifyresult +// } else { +// (*data).set.ssl.certverifyresult +// }) != 0 as i32 as i64 +// { +// result = CURLE_PEER_FAILED_VERIFICATION; +// } +// } +// } else { +// result = display_conn_info(data, (*backend).handle); +// if !(result as u64 != 0) { +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*conn).proxy_ssl_config.issuercert +// } else { +// (*conn).ssl_config.issuercert +// } +// .is_null() +// { +// let mut ret: SECStatus = SECFailure; +// let mut nickname: *mut libc::c_char = dup_nickname( +// data, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) as usize] +// .state as u32 +// { +// (*conn).proxy_ssl_config.issuercert +// } else { +// (*conn).ssl_config.issuercert +// }, +// ); +// if !nickname.is_null() { +// ret = check_issuer_cert((*backend).handle, nickname); +// Curl_cfree.expect("non-null function pointer")( +// nickname as *mut libc::c_void, +// ); +// } +// if SECFailure as i32 == ret as i32 { +// Curl_infof( +// data, +// b"SSL certificate issuer check failed\0" as *const u8 +// as *const libc::c_char, +// ); +// result = CURLE_SSL_ISSUER_ERROR; +// current_block = 8268984542875525005; +// } else { +// Curl_infof( +// data, +// b"SSL certificate issuer check ok\0" as *const u8 +// as *const libc::c_char, +// ); +// current_block = 15925075030174552612; +// } +// } else { +// current_block = 15925075030174552612; +// } +// match current_block { +// 8268984542875525005 => {} +// _ => { +// result = cmp_peer_pubkey( +// connssl, +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) +// { +// 0 as i32 +// } else { +// 1 as i32 +// }) +// as usize] +// .state +// as u32 +// { +// (*data).set.str_0 +// [STRING_SSL_PINNEDPUBLICKEY_PROXY as i32 as usize] +// } else { +// (*data).set.str_0 +// [STRING_SSL_PINNEDPUBLICKEY as i32 as usize] +// }, +// ); +// if !(result as u64 != 0) { +// return CURLE_OK; +// } +// } +// } +// } +// } +// } +// return nss_fail_connect(connssl, data, result); +// } +extern "C" fn nss_do_connect( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, +) -> CURLcode { + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut result: CURLcode = CURLE_SSL_CONNECT_ERROR; + let mut timeout: PRUint32 = 0; + let time_left: timediff_t = unsafe { Curl_timeleft(data, 0 as *mut curltime, 1 as i32 != 0) }; + 'error: loop { + if time_left < 0 as i64 { + unsafe { + Curl_failf( + data, + b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, + ); + } + result = CURLE_OPERATION_TIMEDOUT; + break 'error; + } + timeout = unsafe { PR_MillisecondsToInterval(time_left as PRUint32) }; + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_SET_OPTION_certverifyresult = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.proxy_ssl.certverifyresult } + } else { + unsafe { (*data).set.ssl.certverifyresult } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_SET_OPTION_certverifyresult = unsafe { (*data).set.ssl.certverifyresult }; + if unsafe { + SSL_ForceHandshakeWithTimeout((*backend).nss_handle, timeout) as i32 + != SECSuccess as i32 + } { + if unsafe { PR_GetError() as i64 } == -(5998 as i64) { + return CURLE_AGAIN; + } else { + if SSL_SET_OPTION_certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN as i64 { + result = CURLE_PEER_FAILED_VERIFICATION; + } else if SSL_SET_OPTION_certverifyresult != 0 as i64 { + result = CURLE_PEER_FAILED_VERIFICATION; + } + } + break 'error; + } + result = unsafe { display_conn_info(data, (*backend).nss_handle) }; + if result as u64 != 0 { + break 'error; + } + + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_issuercert = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*conn).proxy_ssl_config.issuercert } + } else { + unsafe { (*conn).ssl_config.issuercert } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_CONN_CONFIG_issuercert = unsafe { (*conn).ssl_config.issuercert }; + if !SSL_CONN_CONFIG_issuercert.is_null() { + let mut ret: SECStatus = SECFailure; + let mut nickname: *mut libc::c_char = dup_nickname(data, SSL_CONN_CONFIG_issuercert); + if !nickname.is_null() { + ret = unsafe { check_issuer_cert((*backend).nss_handle, nickname) }; + unsafe { + Curl_cfree.expect("non-null function pointer")(nickname as *mut libc::c_void); + } + } + if SECFailure as i32 == ret as i32 { + unsafe { + Curl_infof( + data, + b"SSL certificate issuer check failed\0" as *const u8 + as *const libc::c_char, + ); + } + result = CURLE_SSL_ISSUER_ERROR; + break 'error; + } else { + unsafe { + Curl_infof( + data, + b"SSL certificate issuer check ok\0" as *const u8 as *const libc::c_char, + ); + } + } + } + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_PINNED_PUB_KEY_void = if CURLPROXY_HTTPS as u32 + == unsafe { (*conn).http_proxy.proxytype as u32 } + && ssl_connection_complete as u32 + != unsafe { + (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { + 0 as i32 + } else { + 1 as i32 + }) as usize] + .state as u32 + } { + unsafe { (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as usize] } + } else { + unsafe { (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as usize] } + }; + #[cfg(CURL_DISABLE_PROXY)] + let SSL_PINNED_PUB_KEY_void = + unsafe { (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as usize] }; + result = cmp_peer_pubkey(connssl, SSL_PINNED_PUB_KEY_void); + if result as u64 != 0 { + break 'error; + } + return CURLE_OK; + } + return nss_fail_connect(connssl, data, result); +} +extern "C" fn nss_connect_common( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, + mut done: *mut bool, +) -> CURLcode { + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + let blocking: bool = done.is_null(); + let mut result: CURLcode = CURLE_OK; + if unsafe { (*connssl).state as u32 == ssl_connection_complete as u32 } { + if !blocking { + unsafe { + *done = 1 as i32 != 0; + } + } + return CURLE_OK; + } + /* ssl_connect_done is never used outside, go back to the initial state */ + if unsafe { (*connssl).connecting_state as u32 == ssl_connect_1 as u32 } { + result = nss_setup_connect(data, conn, sockindex); + if result as u64 != 0 { + return result; + } + unsafe { + (*connssl).connecting_state = ssl_connect_2; + } + } + result = nss_set_blocking(connssl, data, blocking); + if result as u64 != 0 { + return result; + } + result = nss_do_connect(data, conn, sockindex); + 's_96: { + match result as u32 { + 0 => { + break 's_96; + } + 81 => { + if !blocking { + return CURLE_OK; + } + } + _ => {} + } + return result; + } + if blocking { + result = nss_set_blocking(connssl, data, 0 as i32 != 0); + if result as u64 != 0 { + return result; + } + } else { + unsafe { + *done = 1 as i32 != 0; + } + } + unsafe { + (*connssl).state = ssl_connection_complete; + (*conn).recv[sockindex as usize] = Some(nss_recv as Curl_recv); + (*conn).send[sockindex as usize] = Some(nss_send as Curl_send); + (*connssl).connecting_state = ssl_connect_1; + } + return CURLE_OK; +} + +extern "C" fn nss_connect( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, +) -> CURLcode { + return nss_connect_common(data, conn, sockindex, 0 as *mut bool); +} +extern "C" fn nss_connect_nonblocking( + mut data: *mut Curl_easy, + mut conn: *mut connectdata, + mut sockindex: i32, + mut done: *mut bool, +) -> CURLcode { + return nss_connect_common(data, conn, sockindex, done); +} + +extern "C" fn nss_send( + mut data: *mut Curl_easy, + mut sockindex: i32, + mut mem: *const libc::c_void, + mut len: size_t, + mut curlcode: *mut CURLcode, +) -> ssize_t { + let mut conn: *mut connectdata = unsafe { (*data).conn }; + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut rc: ssize_t = 0; + unsafe { + (*backend).data = data; + rc = PR_Send( + (*backend).nss_handle, + mem, + len as i32, + 0 as i32, + 0 as PRIntervalTime, + ) as ssize_t; + } /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ - nread = PR_Recv( - (*backend).nss_handle, - buf as *mut libc::c_void, - buffersize as i32, - 0 as i32, - 0 as PRIntervalTime, - ) as ssize_t; - if nread < 0 as i64 { - /* failed SSL read */ - let mut err: PRInt32 = PR_GetError(); - if err as i64 == -(5998 as i64) { - *curlcode = CURLE_AGAIN; - } else { - /* print the error number and error string */ - let mut err_name: *const libc::c_char = nss_error_to_name(err); - Curl_infof( - data, - b"SSL read: errno %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - ); - /* print a human-readable message describing the error if available */ - nss_print_error_message(data, err as PRUint32); - *curlcode = (if is_cc_error(err) as i32 != 0 { - CURLE_SSL_CERTPROBLEM as i32 - } else { - CURLE_RECV_ERROR as i32 - }) as CURLcode; - } - return -(1 as i32) as ssize_t; - } - return nread; - } - } - extern "C" fn nss_version(mut buffer: *mut libc::c_char, mut size: size_t) -> size_t { - unsafe{ - return curl_msnprintf( - buffer, - size, - b"NSS/%s\0" as *const u8 as *const libc::c_char, - NSS_GetVersion(), - ) as size_t; - } - } - - /* data might be NULL */ - extern "C" fn Curl_nss_seed(mut data: *mut Curl_easy) -> i32 { - unsafe{ - /* make sure that NSS is initialized */ - return (Curl_nss_force_init(data) as u64 != 0) as i32; - } - } - - /* data might be NULL */ - extern "C" fn nss_random( - mut data: *mut Curl_easy, - mut entropy: *mut u8, - mut length: size_t, - ) -> CURLcode { - unsafe{ - Curl_nss_seed(data);/* Initiate the seed if not already done */ - - if SECSuccess as i32 - != PK11_GenerateRandom(entropy, curlx_uztosi(length)) as i32 - { - /* signal a failure */ - return CURLE_FAILED_INIT; - } - return CURLE_OK; - } - } - extern "C" fn nss_sha256sum( - mut tmp: *const u8, /* input */ - mut tmplen: size_t, - mut sha256sum: *mut u8,/* output */ - mut sha256len: size_t, - ) -> CURLcode { - unsafe{ - let mut SHA256pw: *mut PK11Context = PK11_CreateDigestContext(SEC_OID_SHA256); - let mut SHA256out: u32 = 0; - if SHA256pw.is_null() { - return CURLE_NOT_BUILT_IN; - } - PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)); - PK11_DigestFinal(SHA256pw, sha256sum, &mut SHA256out, curlx_uztoui(sha256len)); - PK11_DestroyContext(SHA256pw, 1 as i32); - return CURLE_OK; - } - } - extern "C" fn nss_cert_status_request() -> bool { - unsafe{ - #[cfg(SSL_ENABLE_OCSP_STAPLING)] - return 1 as i32 != 0; - #[cfg(not(SSL_ENABLE_OCSP_STAPLING))] - return 0 as i32 != 0; - } - } - extern "C" fn nss_false_start() -> bool { - unsafe{ - // #[cfg(NSSVERNUM >= 0x030f04)] - return 1 as i32 != 0;/* 3.15.4 */ - } - } - extern "C" fn nss_get_internals( - mut connssl: *mut ssl_connect_data, - mut info: CURLINFO, - ) -> *mut libc::c_void { - unsafe{ - let mut backend: *mut ssl_backend_data = (*connssl).backend; - return (*backend).nss_handle as *mut libc::c_void; - } - } - #[no_mangle] - pub static mut Curl_ssl_nss: Curl_ssl = { - { - let mut init = Curl_ssl { - info: { - let mut init = curl_ssl_backend { - id: CURLSSLBACKEND_NSS, - name: b"nss\0" as *const u8 as *const libc::c_char, - }; - init - }, - supports: ((1 as i32) << 0 as i32 - | (1 as i32) << 1 as i32 - | (1 as i32) << 2 as i32 - | (1 as i32) << 4 as i32) as u32, - sizeof_ssl_backend_data: ::std::mem::size_of::() as u64, - init: Some(nss_init as unsafe extern "C" fn() -> i32), - cleanup: Some(nss_cleanup as unsafe extern "C" fn() -> ()), - version: Some(nss_version as unsafe extern "C" fn(*mut libc::c_char, size_t) -> size_t), - check_cxn: Some(nss_check_cxn as unsafe extern "C" fn(*mut connectdata) -> i32), - shut_down: Some( - Curl_none_shutdown - as unsafe extern "C" fn( - *mut Curl_easy, - *mut connectdata, - i32, - ) -> i32, - ), - data_pending: Some( - Curl_none_data_pending - as unsafe extern "C" fn(*const connectdata, i32) -> bool, - ), - random: Some( - nss_random - as unsafe extern "C" fn(*mut Curl_easy, *mut u8, size_t) -> CURLcode, - ), - cert_status_request: Some(nss_cert_status_request as unsafe extern "C" fn() -> bool), - connect_blocking: Some( - nss_connect - as unsafe extern "C" fn( - *mut Curl_easy, - *mut connectdata, - i32, - ) -> CURLcode, - ), - connect_nonblocking: Some( - nss_connect_nonblocking - as unsafe extern "C" fn( - *mut Curl_easy, - *mut connectdata, - i32, - *mut bool, - ) -> CURLcode, - ), - getsock: Some( - Curl_ssl_getsock - as unsafe extern "C" fn(*mut connectdata, *mut curl_socket_t) -> i32, - ), - get_internals: Some( - nss_get_internals - as unsafe extern "C" fn(*mut ssl_connect_data, CURLINFO) -> *mut libc::c_void, - ), - close_one: Some( - nss_close - as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, i32) -> (), - ), - close_all: Some(Curl_none_close_all as unsafe extern "C" fn(*mut Curl_easy) -> ()), - session_free: Some( - Curl_none_session_free as unsafe extern "C" fn(*mut libc::c_void) -> (), - ), - set_engine: Some( - Curl_none_set_engine - as unsafe extern "C" fn(*mut Curl_easy, *const libc::c_char) -> CURLcode, - ), - set_engine_default: Some( - Curl_none_set_engine_default as unsafe extern "C" fn(*mut Curl_easy) -> CURLcode, - ), - engines_list: Some( - Curl_none_engines_list as unsafe extern "C" fn(*mut Curl_easy) -> *mut curl_slist, - ), - false_start: Some(nss_false_start as unsafe extern "C" fn() -> bool), - sha256sum: Some( - nss_sha256sum - as unsafe extern "C" fn( - *const u8, - size_t, - *mut u8, - size_t, - ) -> CURLcode, - ), - associate_connection: None, - disassociate_connection: None, - }; - init - } - }; - \ No newline at end of file + if rc < 0 as i64 { + let mut err: PRInt32 = unsafe { PR_GetError() }; + if err as i64 == -(5998 as i64) { + unsafe { + *curlcode = CURLE_AGAIN; + } + } else { + /* print the error number and error string */ + let mut err_name: *const libc::c_char = nss_error_to_name(err); + unsafe { + Curl_infof( + data, + b"SSL write: error %d (%s)\0" as *const u8 as *const libc::c_char, + err, + err_name, + ); + } /* print a human-readable message describing the error if available */ + nss_print_error_message(data, err as PRUint32); + unsafe { + *curlcode = (if is_cc_error(err) as i32 != 0 { + CURLE_SSL_CERTPROBLEM as i32 + } else { + CURLE_SEND_ERROR as i32 + }) as CURLcode; + } + } + return -(1 as i32) as ssize_t; + } + return rc; /* number of bytes */ +} + +extern "C" fn nss_recv( + mut data: *mut Curl_easy, /* transfer */ + mut sockindex: i32, /* socketindex */ + mut buf: *mut libc::c_char, /* store read data here */ + mut buffersize: size_t, /* max amount to read */ + mut curlcode: *mut CURLcode, +) -> ssize_t { + let mut conn: *mut connectdata = unsafe { (*data).conn }; + let mut connssl: *mut ssl_connect_data = unsafe { + &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data + }; + let mut backend: *mut ssl_backend_data = unsafe { (*connssl).backend }; + let mut nread: ssize_t = 0; + unsafe { + (*backend).data = data; + } + /* The SelectClientCert() hook uses this for infof() and failf() but the + handle stored in nss_setup_connect() could have already been freed. */ + nread = unsafe { + PR_Recv( + (*backend).nss_handle, + buf as *mut libc::c_void, + buffersize as i32, + 0 as i32, + 0 as PRIntervalTime, + ) as ssize_t + }; + if nread < 0 as i64 { + /* failed SSL read */ + let mut err: PRInt32 = unsafe { PR_GetError() }; + if err as i64 == -(5998 as i64) { + unsafe { + *curlcode = CURLE_AGAIN; + } + } else { + /* print the error number and error string */ + let mut err_name: *const libc::c_char = nss_error_to_name(err); + unsafe { + Curl_infof( + data, + b"SSL read: errno %d (%s)\0" as *const u8 as *const libc::c_char, + err, + err_name, + ); + } + /* print a human-readable message describing the error if available */ + nss_print_error_message(data, err as PRUint32); + unsafe { + *curlcode = (if is_cc_error(err) as i32 != 0 { + CURLE_SSL_CERTPROBLEM as i32 + } else { + CURLE_RECV_ERROR as i32 + }) as CURLcode; + } + } + return -(1 as i32) as ssize_t; + } + return nread; +} + +extern "C" fn nss_version(mut buffer: *mut libc::c_char, mut size: size_t) -> size_t { + unsafe { + return curl_msnprintf( + buffer, + size, + b"NSS/%s\0" as *const u8 as *const libc::c_char, + NSS_GetVersion(), + ) as size_t; + } +} + +/* data might be NULL */ +extern "C" fn Curl_nss_seed(mut data: *mut Curl_easy) -> i32 { + /* make sure that NSS is initialized */ + return (Curl_nss_force_init(data) as u64 != 0) as i32; +} + +/* data might be NULL */ +extern "C" fn nss_random( + mut data: *mut Curl_easy, + mut entropy: *mut u8, + mut length: size_t, +) -> CURLcode { + Curl_nss_seed(data); /* Initiate the seed if not already done */ + + if SECSuccess as i32 != unsafe { PK11_GenerateRandom(entropy, curlx_uztosi(length)) as i32 } { + /* signal a failure */ + return CURLE_FAILED_INIT; + } + return CURLE_OK; +} + +extern "C" fn nss_sha256sum( + mut tmp: *const u8, /* input */ + mut tmplen: size_t, + mut sha256sum: *mut u8, /* output */ + mut sha256len: size_t, +) -> CURLcode { + let mut SHA256pw: *mut PK11Context = unsafe { PK11_CreateDigestContext(SEC_OID_SHA256) }; + let mut SHA256out: u32 = 0; + if SHA256pw.is_null() { + return CURLE_NOT_BUILT_IN; + } + unsafe { + PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)); + PK11_DigestFinal(SHA256pw, sha256sum, &mut SHA256out, curlx_uztoui(sha256len)); + PK11_DestroyContext(SHA256pw, 1 as i32); + } + return CURLE_OK; +} +extern "C" fn nss_cert_status_request() -> bool { + #[cfg(SSL_ENABLE_OCSP_STAPLING)] + return 1 as i32 != 0; + #[cfg(not(SSL_ENABLE_OCSP_STAPLING))] + return 0 as i32 != 0; +} +extern "C" fn nss_false_start() -> bool { + // #[cfg(NSSVERNUM >= 0x030f04)] + return 1 as i32 != 0; /* 3.15.4 */ +} +extern "C" fn nss_get_internals( + mut connssl: *mut ssl_connect_data, + mut info: CURLINFO, +) -> *mut libc::c_void { + unsafe { + let mut backend: *mut ssl_backend_data = (*connssl).backend; + return (*backend).nss_handle as *mut libc::c_void; + } +} +#[no_mangle] +pub static mut Curl_ssl_nss: Curl_ssl = { + Curl_ssl { + info: { + let mut init = curl_ssl_backend { + id: CURLSSLBACKEND_NSS, + name: b"nss\0" as *const u8 as *const libc::c_char, + }; + init + }, + supports: ((1 as i32) << 0 as i32 + | (1 as i32) << 1 as i32 + | (1 as i32) << 2 as i32 + | (1 as i32) << 4 as i32) as u32, + sizeof_ssl_backend_data: ::std::mem::size_of::() as u64, + init: Some(nss_init as unsafe extern "C" fn() -> i32), + cleanup: Some(nss_cleanup as unsafe extern "C" fn() -> ()), + version: Some(nss_version as unsafe extern "C" fn(*mut libc::c_char, size_t) -> size_t), + check_cxn: Some(nss_check_cxn as unsafe extern "C" fn(*mut connectdata) -> i32), + shut_down: Some( + Curl_none_shutdown + as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, i32) -> i32, + ), + data_pending: Some( + Curl_none_data_pending as unsafe extern "C" fn(*const connectdata, i32) -> bool, + ), + random: Some( + nss_random as unsafe extern "C" fn(*mut Curl_easy, *mut u8, size_t) -> CURLcode, + ), + cert_status_request: Some(nss_cert_status_request as unsafe extern "C" fn() -> bool), + connect_blocking: Some( + nss_connect as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, i32) -> CURLcode, + ), + connect_nonblocking: Some( + nss_connect_nonblocking + as unsafe extern "C" fn( + *mut Curl_easy, + *mut connectdata, + i32, + *mut bool, + ) -> CURLcode, + ), + getsock: Some( + Curl_ssl_getsock as unsafe extern "C" fn(*mut connectdata, *mut curl_socket_t) -> i32, + ), + get_internals: Some( + nss_get_internals + as unsafe extern "C" fn(*mut ssl_connect_data, CURLINFO) -> *mut libc::c_void, + ), + close_one: Some( + nss_close as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, i32) -> (), + ), + close_all: Some(Curl_none_close_all as unsafe extern "C" fn(*mut Curl_easy) -> ()), + session_free: Some(Curl_none_session_free as unsafe extern "C" fn(*mut libc::c_void) -> ()), + set_engine: Some( + Curl_none_set_engine + as unsafe extern "C" fn(*mut Curl_easy, *const libc::c_char) -> CURLcode, + ), + set_engine_default: Some( + Curl_none_set_engine_default as unsafe extern "C" fn(*mut Curl_easy) -> CURLcode, + ), + engines_list: Some( + Curl_none_engines_list as unsafe extern "C" fn(*mut Curl_easy) -> *mut curl_slist, + ), + false_start: Some(nss_false_start as unsafe extern "C" fn() -> bool), + sha256sum: Some( + nss_sha256sum as unsafe extern "C" fn(*const u8, size_t, *mut u8, size_t) -> CURLcode, + ), + associate_connection: None, + disassociate_connection: None, + } +}; -- Gitee From daf597e7c0e57554fa25d43c464d7193de73fdff Mon Sep 17 00:00:00 2001 From: Your Name <1153793677@qq.com> Date: Thu, 15 Dec 2022 16:55:40 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BC=98=E5=8C=96keylog?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- rust/rust_project/src/vtls/keylog.rs | 233 ++++++++++++++------------- 1 file changed, 120 insertions(+), 113 deletions(-) diff --git a/rust/rust_project/src/vtls/keylog.rs b/rust/rust_project/src/vtls/keylog.rs index 54e699c..4c5f7d9 100644 --- a/rust/rust_project/src/vtls/keylog.rs +++ b/rust/rust_project/src/vtls/keylog.rs @@ -38,46 +38,48 @@ static mut keylog_file_fp: *mut FILE = 0 as *const FILE as *mut FILE; #[no_mangle] pub extern "C" fn Curl_tls_keylog_open() { - unsafe { - let mut keylog_file_name: *mut libc::c_char = 0 as *mut libc::c_char; + let mut keylog_file_name: *mut libc::c_char = 0 as *mut libc::c_char; - if keylog_file_fp.is_null() { - keylog_file_name = curl_getenv(b"SSLKEYLOGFILE\0" as *const u8 as *const libc::c_char); - if !keylog_file_name.is_null() { - match () { - #[cfg(not(CURLDEBUG))] - _ => { - keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT); - } - #[cfg(CURLDEBUG)] - _ => { - keylog_file_fp = curl_dbg_fopen( - keylog_file_name, - b"a\0" as *const u8 as *const libc::c_char, - 53 as i32, - b"vtls/keylog.c\0" as *const u8 as *const libc::c_char, - ); - } - } - if !keylog_file_fp.is_null() { - #[cfg(WIN32)] - let flag: bool = setvbuf( - keylog_file_fp, - 0 as *mut libc::c_char, - _IONBF, - 0 as size_t, - ) != 0; - #[cfg(not(WIN32))] - let flag: bool = setvbuf( + if unsafe { keylog_file_fp.is_null() } { + keylog_file_name = + unsafe { curl_getenv(b"SSLKEYLOGFILE\0" as *const u8 as *const libc::c_char) }; + if !keylog_file_name.is_null() { + match () { + #[cfg(not(CURLDEBUG))] + _ => unsafe { + keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT); + }, + #[cfg(CURLDEBUG)] + _ => unsafe { + keylog_file_fp = curl_dbg_fopen( + keylog_file_name, + b"a\0" as *const u8 as *const libc::c_char, + 53 as i32, + b"vtls/keylog.c\0" as *const u8 as *const libc::c_char, + ); + }, + } + if unsafe { !keylog_file_fp.is_null() } { + #[cfg(WIN32)] + let flag: bool = unsafe { + setvbuf(keylog_file_fp, 0 as *mut libc::c_char, _IONBF, 0 as size_t) != 0 + }; + #[cfg(not(WIN32))] + let flag: bool = unsafe { + setvbuf( keylog_file_fp, 0 as *mut libc::c_char, _IOLBF, 4096 as size_t, - ) != 0; - if flag { - #[cfg(not(CURLDEBUG))] + ) != 0 + }; + if flag { + #[cfg(not(CURLDEBUG))] + unsafe { fclose(keylog_file_fp); - #[cfg(CURLDEBUG)] + } + #[cfg(CURLDEBUG)] + unsafe { curl_dbg_fclose( keylog_file_fp, 61, @@ -86,6 +88,8 @@ pub extern "C" fn Curl_tls_keylog_open() { keylog_file_fp = 0 as *mut FILE; } } + } + unsafe { #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( keylog_file_name as *mut libc::c_void, @@ -96,16 +100,16 @@ pub extern "C" fn Curl_tls_keylog_open() { 65, b"vtls/keylog.c\0" as *const u8 as *const libc::c_char, ); - keylog_file_name = 0 as *mut libc::c_char; } + keylog_file_name = 0 as *mut libc::c_char; } } } #[no_mangle] pub extern "C" fn Curl_tls_keylog_close() { - unsafe { - if !keylog_file_fp.is_null() { + if unsafe { !keylog_file_fp.is_null() } { + unsafe { #[cfg(not(CURLDEBUG))] fclose(keylog_file_fp); #[cfg(CURLDEBUG)] @@ -114,9 +118,12 @@ pub extern "C" fn Curl_tls_keylog_close() { 74, b"vtls/keylog.c\0" as *const u8 as *const libc::c_char, ); + keylog_file_fp = 0 as *mut FILE; } - if !keylog_file_fp.is_null() { + } + if unsafe { !keylog_file_fp.is_null() } { + unsafe { #[cfg(not(CURLDEBUG))] fclose(keylog_file_fp); #[cfg(CURLDEBUG)] @@ -139,41 +146,39 @@ pub extern "C" fn Curl_tls_keylog_enabled() -> bool { #[no_mangle] pub extern "C" fn Curl_tls_keylog_write_line(mut line: *const libc::c_char) -> bool { - unsafe { - /* The current maximum valid keylog line length LF and NUL is 195. */ - let mut linelen: size_t = 0; - let mut buf: [libc::c_char; 256] = [0; 256]; + /* The current maximum valid keylog line length LF and NUL is 195. */ + let mut linelen: size_t = 0; + let mut buf: [libc::c_char; 256] = [0; 256]; - if keylog_file_fp.is_null() || line.is_null() { - return false; - } + if unsafe { keylog_file_fp.is_null() || line.is_null() } { + return false; + } - linelen = strlen(line); - if linelen == 0 - || linelen - > (::std::mem::size_of::<[libc::c_char; 256]>() as u64) - .wrapping_sub(2) - { - /* Empty line or too big to fit in a LF and NUL. */ - return false; - } + linelen = unsafe { strlen(line) }; + if linelen == 0 + || linelen > (::std::mem::size_of::<[libc::c_char; 256]>() as u64).wrapping_sub(2) + { + /* Empty line or too big to fit in a LF and NUL. */ + return false; + } + unsafe { memcpy( buf.as_mut_ptr() as *mut libc::c_void, line as *const libc::c_void, linelen, ); - if *line.offset(linelen.wrapping_sub(1) as isize) as i32 != '\n' as i32 { - buf[linelen as usize] = '\n' as i32 as libc::c_char; - linelen = linelen.wrapping_add(1); - } - buf[linelen as usize] = '\0' as i32 as libc::c_char; - - /* Using fputs here instead of fprintf since libcurl's fprintf replacement - may not be thread-safe. */ - fputs(buf.as_mut_ptr(), keylog_file_fp); - return true; } + if unsafe { *line.offset(linelen.wrapping_sub(1) as isize) as i32 != '\n' as i32 } { + buf[linelen as usize] = '\n' as i32 as libc::c_char; + linelen = linelen.wrapping_add(1); + } + buf[linelen as usize] = '\0' as i32 as libc::c_char; + + /* Using fputs here instead of fprintf since libcurl's fprintf replacement + may not be thread-safe. */ + unsafe { fputs(buf.as_mut_ptr(), keylog_file_fp) }; + return true; } #[no_mangle] @@ -183,71 +188,73 @@ pub extern "C" fn Curl_tls_keylog_write( mut secret: *const u8, mut secretlen: size_t, ) -> bool { - unsafe { - let mut hex: *const libc::c_char = - b"0123456789ABCDEF\0" as *const u8 as *const libc::c_char; - let mut pos: size_t = 0; - let mut i: size_t = 0; - let mut line: [libc::c_char; - (KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 + 2 * SECRET_MAXLEN + 1 + 1) - as usize] = - [0; (KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 + 2 * SECRET_MAXLEN + 1 + 1) - as usize]; + let mut hex: *const libc::c_char = b"0123456789ABCDEF\0" as *const u8 as *const libc::c_char; + let mut pos: size_t = 0; + let mut i: size_t = 0; + let mut line: [libc::c_char; + (KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 + 2 * SECRET_MAXLEN + 1 + 1) + as usize] = + [0; (KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 + 2 * SECRET_MAXLEN + 1 + 1) + as usize]; - if keylog_file_fp.is_null() { - return false; - } + if unsafe { keylog_file_fp.is_null() } { + return false; + } - pos = strlen(label); - if pos > KEYLOG_LABEL_MAXLEN || secretlen == 0 || secretlen > 48 { - /* Should never happen - sanity check anyway. */ - return false; - } + pos = unsafe { strlen(label) }; + if pos > KEYLOG_LABEL_MAXLEN || secretlen == 0 || secretlen > 48 { + /* Should never happen - sanity check anyway. */ + return false; + } + unsafe { memcpy( line.as_mut_ptr() as *mut libc::c_void, label as *const libc::c_void, pos, ); - line[pos as usize] = ' ' as i32 as libc::c_char; + } + line[pos as usize] = ' ' as i32 as libc::c_char; + pos = pos.wrapping_add(1); + + /* Client Random */ + i = 0 as size_t; + while i < CLIENT_RANDOM_SIZE { + line[pos as usize] = + unsafe { *hex.offset((*client_random.offset(i as isize) >> 4) as isize) }; pos = pos.wrapping_add(1); - /* Client Random */ - i = 0 as size_t; - while i < CLIENT_RANDOM_SIZE { - line[pos as usize] = - *hex.offset((*client_random.offset(i as isize) >> 4) as isize); - pos = pos.wrapping_add(1); - - line[pos as usize] = - *hex.offset((*client_random.offset(i as isize) as i32 & 0xf as i32) as isize); - pos = pos.wrapping_add(1); - - i = i.wrapping_add(1); - } - line[pos as usize] = ' ' as i32 as libc::c_char; + line[pos as usize] = unsafe { + *hex.offset((*client_random.offset(i as isize) as i32 & 0xf as i32) as isize) + }; pos = pos.wrapping_add(1); - /* Secret */ - i = 0 as size_t; - while i < secretlen { - line[pos as usize] = - *hex.offset((*secret.offset(i as isize) as i32 >> 4 as i32) as isize); - pos = pos.wrapping_add(1); - line[pos as usize] = - *hex.offset((*secret.offset(i as isize) as i32 & 0xf as i32) as isize); - pos = pos.wrapping_add(1); - i = i.wrapping_add(1); - } - line[pos as usize] = '\n' as i32 as libc::c_char; + i = i.wrapping_add(1); + } + line[pos as usize] = ' ' as i32 as libc::c_char; + pos = pos.wrapping_add(1); + + /* Secret */ + i = 0 as size_t; + while i < secretlen { + line[pos as usize] = + unsafe { *hex.offset((*secret.offset(i as isize) as i32 >> 4 as i32) as isize) }; + pos = pos.wrapping_add(1); + line[pos as usize] = + unsafe { *hex.offset((*secret.offset(i as isize) as i32 & 0xf as i32) as isize) }; pos = pos.wrapping_add(1); - line[pos as usize] = '\0' as i32 as libc::c_char; + i = i.wrapping_add(1); + } + line[pos as usize] = '\n' as i32 as libc::c_char; + pos = pos.wrapping_add(1); + line[pos as usize] = '\0' as i32 as libc::c_char; - /* Using fputs here instead of fprintf since libcurl's fprintf replacement - may not be thread-safe. */ + /* Using fputs here instead of fprintf since libcurl's fprintf replacement + may not be thread-safe. */ + unsafe { fputs(line.as_mut_ptr(), keylog_file_fp); - return true; } + return true; } #[cfg(test)] -- Gitee From a6222644a04d0317f969593947c389a18a530427 Mon Sep 17 00:00:00 2001 From: Your Name <1153793677@qq.com> Date: Fri, 16 Dec 2022 18:38:18 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E4=BC=98=E5=8C=96http?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- rust/rust_project/src/http.rs | 2605 +++++++++++++++++---------------- 1 file changed, 1311 insertions(+), 1294 deletions(-) diff --git a/rust/rust_project/src/http.rs b/rust/rust_project/src/http.rs index ee5cdfb..f72ad1f 100644 --- a/rust/rust_project/src/http.rs +++ b/rust/rust_project/src/http.rs @@ -170,13 +170,14 @@ pub static mut Curl_handler_https: Curl_handler = Curl_handler { flags: PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | PROTOPT_ALPN_NPN | PROTOPT_USERPWDCTRL, }; -unsafe extern "C" fn http_setup_conn( + extern "C" fn http_setup_conn( mut data: *mut Curl_easy, mut conn: *mut connectdata, ) -> CURLcode { /* allocate the HTTP-specific struct for the Curl_easy, only to survive during this request */ let mut http: *mut HTTP = 0 as *mut HTTP; + unsafe{ #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if ((*data).req.p.http).is_null() { } else { @@ -189,26 +190,26 @@ unsafe extern "C" fn http_setup_conn( )) .as_ptr(), ); - } + }} #[cfg(not(CURLDEBUG))] - let mut new_http: *mut HTTP = Curl_ccalloc.expect("non-null function pointer")( + let mut new_http: *mut HTTP = unsafe{Curl_ccalloc.expect("non-null function pointer")( 1 as size_t, ::std::mem::size_of::() as u64, - ) as *mut HTTP; + ) as *mut HTTP}; #[cfg(CURLDEBUG)] - let mut new_http: *mut HTTP = curl_dbg_calloc( + let mut new_http: *mut HTTP = unsafe{curl_dbg_calloc( 1 as size_t, ::std::mem::size_of::() as u64, 181, b"http.c\0" as *const u8 as *const libc::c_char, - ) as *mut HTTP; + ) as *mut HTTP}; http = new_http; if http.is_null() { return CURLE_OUT_OF_MEMORY; } - + unsafe{ #[cfg(any( all(not(CURL_DISABLE_HTTP), not(CURL_DISABLE_MIME)), not(CURL_DISABLE_SMTP), @@ -234,7 +235,7 @@ unsafe extern "C" fn http_setup_conn( Curl_http2_setup_conn(conn); } Curl_http2_setup_req(data); - } + }} return CURLE_OK; } @@ -249,28 +250,28 @@ unsafe extern "C" fn http_setup_conn( * prefix without colon! */ #[no_mangle] -pub unsafe extern "C" fn Curl_checkProxyheaders( +pub extern "C" fn Curl_checkProxyheaders( mut data: *mut Curl_easy, mut conn: *const connectdata, mut thisheader: *const libc::c_char, ) -> *mut libc::c_char { let mut head: *mut curl_slist = 0 as *mut curl_slist; - let mut thislen: size_t = strlen(thisheader); + let mut thislen: size_t = unsafe{strlen(thisheader)}; - head = if ((*conn).bits).proxy() as i32 != 0 && ((*data).set).sep_headers() as i32 != 0 { + head = unsafe{if ((*conn).bits).proxy() as i32 != 0 && ((*data).set).sep_headers() as i32 != 0 { (*data).set.proxyheaders } else { (*data).set.headers - }; + }}; while !head.is_null() { - if Curl_strncasecompare((*head).data, thisheader, thislen) != 0 + if unsafe{Curl_strncasecompare((*head).data, thisheader, thislen) != 0 && (*((*head).data).offset(thislen as isize) as i32 == ':' as i32 - || *((*head).data).offset(thislen as isize) as i32 == ';' as i32) + || *((*head).data).offset(thislen as isize) as i32 == ';' as i32)} { - return (*head).data; + return unsafe{(*head).data}; } - head = (*head).next; + head = unsafe{(*head).next}; } return 0 as *mut libc::c_char; @@ -279,7 +280,7 @@ pub unsafe extern "C" fn Curl_checkProxyheaders( /* disabled */ #[cfg(CURL_DISABLE_PROXY)] #[no_mangle] -pub unsafe extern "C" fn Curl_checkProxyheaders( +pub extern "C" fn Curl_checkProxyheaders( mut data: *mut Curl_easy, mut conn: *const connectdata, mut thisheader: *const libc::c_char, @@ -294,7 +295,7 @@ pub unsafe extern "C" fn Curl_checkProxyheaders( * consists entirely of whitespace. */ #[no_mangle] -pub unsafe extern "C" fn Curl_copy_header_value( +pub extern "C" fn Curl_copy_header_value( mut header: *const libc::c_char, ) -> *mut libc::c_char { let mut start: *const libc::c_char = 0 as *const libc::c_char; @@ -303,61 +304,61 @@ pub unsafe extern "C" fn Curl_copy_header_value( let mut len: size_t = 0; /* Find the end of the header name */ - while *header as i32 != 0 && *header as i32 != ':' as i32 { - header = header.offset(1); + while unsafe{*header as i32 != 0 && *header as i32 != ':' as i32} { + header = unsafe{header.offset(1)}; } - if *header != 0 { + if unsafe{*header != 0 }{ /* Skip over colon */ - header = header.offset(1); + header = unsafe{header.offset(1)}; } /* Find the first non-space letter */ start = header; - while *start as i32 != 0 && Curl_isspace(*start as u8 as i32) != 0 { - start = start.offset(1); + while unsafe{*start as i32 != 0 && Curl_isspace(*start as u8 as i32) != 0} { + start = unsafe{start.offset(1)}; } /* data is in the host encoding so use '\r' and '\n' instead of 0x0d and 0x0a */ - end = strchr(start, '\r' as i32); + end = unsafe{strchr(start, '\r' as i32)}; if end.is_null() { - end = strchr(start, '\n' as i32); + end = unsafe{strchr(start, '\n' as i32)}; } if end.is_null() { - end = strchr(start, '\0' as i32); + end = unsafe{strchr(start, '\0' as i32)}; } if end.is_null() { return 0 as *mut libc::c_char; } /* skip all trailing space letters */ - while end > start && Curl_isspace(*end as u8 as i32) != 0 { - end = end.offset(-1); + while end > start && unsafe{Curl_isspace(*end as u8 as i32) != 0} { + end = unsafe{end.offset(-1)}; } /* get length of the type */ - len = (end.offset_from(start) as i64 + 1 as i64) as size_t; + len = unsafe{(end.offset_from(start) as i64 + 1 as i64) as size_t}; #[cfg(not(CURLDEBUG))] let mut new_value: *mut libc::c_char = - Curl_cmalloc.expect("non-null function pointer")(len.wrapping_add(1 as i32 as u64)) - as *mut libc::c_char; + unsafe{Curl_cmalloc.expect("non-null function pointer")(len.wrapping_add(1 as u64)) + as *mut libc::c_char}; #[cfg(CURLDEBUG)] - let mut new_value: *mut libc::c_char = curl_dbg_malloc( + let mut new_value: *mut libc::c_char = unsafe{curl_dbg_malloc( len.wrapping_add(1 as u64), 282, b"http.c\0" as *const u8 as *const libc::c_char, - ) as *mut libc::c_char; + ) as *mut libc::c_char}; value = new_value; if value.is_null() { return 0 as *mut libc::c_char; } - memcpy( + unsafe{ memcpy( value as *mut libc::c_void, start as *const libc::c_void, len, ); - *value.offset(len as isize) = 0 as libc::c_char; /* null-terminate */ + *value.offset(len as isize) = 0 as libc::c_char;} /* null-terminate */ return value; } @@ -368,7 +369,7 @@ pub unsafe extern "C" fn Curl_copy_header_value( * * Returns CURLcode. */ -unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool) -> CURLcode { + extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool) -> CURLcode { let mut size: size_t = 0 as size_t; let mut authorization: *mut libc::c_char = 0 as *mut libc::c_char; let mut userp: *mut *mut libc::c_char = 0 as *mut *mut libc::c_char; @@ -383,9 +384,9 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool match () { #[cfg(not(CURL_DISABLE_PROXY))] _ => { - userp = &mut (*data).state.aptr.proxyuserpwd; - user = (*data).state.aptr.proxyuser; - pwd = (*data).state.aptr.proxypasswd; + userp = unsafe{&mut (*data).state.aptr.proxyuserpwd}; + user = unsafe{(*data).state.aptr.proxyuser}; + pwd = unsafe{(*data).state.aptr.proxypasswd}; } #[cfg(CURL_DISABLE_PROXY)] _ => { @@ -393,12 +394,12 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool } } } else { - userp = &mut (*data).state.aptr.userpwd; - user = (*data).state.aptr.user; - pwd = (*data).state.aptr.passwd; + userp = unsafe{&mut (*data).state.aptr.userpwd}; + user = unsafe{(*data).state.aptr.user}; + pwd = unsafe{(*data).state.aptr.passwd}; } - out = curl_maprintf( + out =unsafe{ curl_maprintf( b"%s:%s\0" as *const u8 as *const libc::c_char, user, if !pwd.is_null() { @@ -406,16 +407,16 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool } else { b"\0" as *const u8 as *const libc::c_char }, - ); + )}; if out.is_null() { return CURLE_OUT_OF_MEMORY; } - result = Curl_base64_encode(data, out, strlen(out), &mut authorization, &mut size); + result = unsafe{Curl_base64_encode(data, out, strlen(out), &mut authorization, &mut size)}; if !(result as u64 != 0) { if authorization.is_null() { result = CURLE_REMOTE_ACCESS_DENIED; - } else { + } else {unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(*userp as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -443,9 +444,10 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool ); if (*userp).is_null() { result = CURLE_OUT_OF_MEMORY; - } + }} } } + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(out as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -453,7 +455,7 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool out as *mut libc::c_void, 350 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} return result; } @@ -464,11 +466,12 @@ unsafe extern "C" fn http_output_basic(mut data: *mut Curl_easy, mut proxy: bool * Returns CURLcode. */ #[cfg(not(CURL_DISABLE_HTTP_AUTH))] -unsafe extern "C" fn http_output_bearer(mut data: *mut Curl_easy) -> CURLcode { + extern "C" fn http_output_bearer(mut data: *mut Curl_easy) -> CURLcode { let mut userp: *mut *mut libc::c_char = 0 as *mut *mut libc::c_char; let mut result: CURLcode = CURLE_OK; - userp = &mut (*data).state.aptr.userpwd; + userp = unsafe{&mut (*data).state.aptr.userpwd}; + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(*userp as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -479,10 +482,10 @@ unsafe extern "C" fn http_output_bearer(mut data: *mut Curl_easy) -> CURLcode { ); *userp = curl_maprintf( b"Authorization: Bearer %s\r\n\0" as *const u8 as *const libc::c_char, - (*data).set.str_0[STRING_BEARER as i32 as usize], - ); + (*data).set.str_0[STRING_BEARER as usize], + );} - if (*userp).is_null() { + if unsafe{(*userp).is_null()} { result = CURLE_OUT_OF_MEMORY; } @@ -494,15 +497,16 @@ unsafe extern "C" fn http_output_bearer(mut data: *mut Curl_easy) -> CURLcode { * * return TRUE if one was picked */ -unsafe extern "C" fn pickoneauth(mut pick: *mut auth, mut mask: u64) -> bool { + extern "C" fn pickoneauth(mut pick: *mut auth, mut mask: u64) -> bool { let mut picked: bool = false; + /* only deal with authentication we want */ - let mut avail: u64 = (*pick).avail & (*pick).want & mask; + let mut avail: u64 = unsafe{(*pick).avail & (*pick).want & mask}; picked = true; /* The order of these checks is highly relevant, as this will be the order of preference in case of the existence of multiple accepted types. */ - + unsafe{ if avail & CURLAUTH_NEGOTIATE != 0 { (*pick).picked = CURLAUTH_NEGOTIATE; } else if avail & CURLAUTH_BEARER != 0 { @@ -522,7 +526,7 @@ unsafe extern "C" fn pickoneauth(mut pick: *mut auth, mut mask: u64) -> bool { picked = false; } (*pick).avail = CURLAUTH_NONE; /* clear it here */ - + } return picked; } @@ -549,11 +553,11 @@ unsafe extern "C" fn pickoneauth(mut pick: *mut auth, mut mask: u64) -> bool { * } * } */ -unsafe extern "C" fn http_perhapsrewind( + extern "C" fn http_perhapsrewind( mut data: *mut Curl_easy, mut conn: *mut connectdata, ) -> CURLcode { - let mut http: *mut HTTP = (*data).req.p.http; + let mut http: *mut HTTP = unsafe{(*data).req.p.http}; let mut bytessent: curl_off_t = 0; let mut expectsend: curl_off_t = -1 as curl_off_t; /* default is unknown */ @@ -563,16 +567,16 @@ unsafe extern "C" fn http_perhapsrewind( return CURLE_OK; } - match (*data).state.httpreq as u32 { + match unsafe{(*data).state.httpreq as u32} { // 0 | 5 => return CURLE_OK, HTTPREQ_GET | HTTPREQ_HEAD => return CURLE_OK, _ => {} } - bytessent = (*data).req.writebytecount; + bytessent = unsafe{(*data).req.writebytecount}; // todo 解决clippy错误,代码通过测试后就可以删掉注释 - if ((*conn).bits).authneg() != 0 || ((*conn).bits).protoconnstart() == 0 { + if unsafe{((*conn).bits).authneg() != 0 || ((*conn).bits).protoconnstart() == 0} { /* This is a state where we are known to be negotiating and we don't send any data then. */ expectsend = 0 as curl_off_t; @@ -580,35 +584,35 @@ unsafe extern "C" fn http_perhapsrewind( /* HTTP CONNECT in progress: there is no body */ // expectsend = 0 as curl_off_t; } else { - match (*data).state.httpreq as u32 { + match unsafe{(*data).state.httpreq as u32} { /* figure out how much data we are expected to send */ HTTPREQ_POST | HTTPREQ_PUT => { - if (*data).state.infilesize != -1 as i64 { - expectsend = (*data).state.infilesize; + if unsafe{(*data).state.infilesize != -1 as i64} { + expectsend = unsafe{(*data).state.infilesize}; } } HTTPREQ_POST_FORM | HTTPREQ_POST_MIME => { - expectsend = (*http).postsize; + expectsend = unsafe{(*http).postsize}; } _ => {} } } - (*conn).bits.set_rewindaftersend(0 as bit); /* default */ + unsafe{ (*conn).bits.set_rewindaftersend(0 as bit); }/* default */ if expectsend == -1 as i64 || expectsend > bytessent { match () { #[cfg(USE_NTLM)] /* There is still data left to send */ - _ => { + _ => {unsafe{ if (*data).state.authproxy.picked == CURLAUTH_NTLM || (*data).state.authhost.picked == CURLAUTH_NTLM || (*data).state.authproxy.picked == CURLAUTH_NTLM_WB || (*data).state.authhost.picked == CURLAUTH_NTLM_WB { if expectsend - bytessent < 2000 as i64 - || (*conn).http_ntlm_state as u32 != NTLMSTATE_NONE as i32 as u32 - || (*conn).proxy_ntlm_state as u32 != NTLMSTATE_NONE as i32 as u32 + || (*conn).http_ntlm_state as u32 != NTLMSTATE_NONE as u32 + || (*conn).proxy_ntlm_state as u32 != NTLMSTATE_NONE as u32 { /* The NTLM-negotiation has started *OR* there is just a little (<2K) data left to send, keep on sending. */ @@ -635,7 +639,7 @@ unsafe extern "C" fn http_perhapsrewind( as *const libc::c_char, expectsend - bytessent, ); - } + }} } #[cfg(not(USE_NTLM))] _ => {} @@ -644,13 +648,13 @@ unsafe extern "C" fn http_perhapsrewind( match () { #[cfg(USE_SPNEGO)] /* There is still data left to send */ - _ => { + _ => {unsafe{ if (*data).state.authproxy.picked == CURLAUTH_NEGOTIATE || (*data).state.authhost.picked == CURLAUTH_NEGOTIATE { if expectsend - bytessent < 2000 as i64 - || (*conn).http_negotiate_state as u32 != GSS_AUTHNONE as i32 as u32 - || (*conn).proxy_negotiate_state as u32 != GSS_AUTHNONE as i32 as u32 + || (*conn).http_negotiate_state as u32 != GSS_AUTHNONE as u32 + || (*conn).proxy_negotiate_state as u32 != GSS_AUTHNONE as u32 { /* The NEGOTIATE-negotiation has started *OR* there is just a little (<2K) data left to send, keep on sending. */ @@ -674,12 +678,12 @@ unsafe extern "C" fn http_perhapsrewind( as *const libc::c_char, expectsend - bytessent, ); - } + }} } #[cfg(not(USE_SPNEGO))] _ => {} } - + unsafe{ /* This is not NEGOTIATE/NTLM or many bytes left to send: close */ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 2); @@ -693,9 +697,10 @@ unsafe extern "C" fn http_perhapsrewind( /* There still is data left to send, but this connection is marked for closure so we can safely do the rewind right now */ } + } if bytessent != 0 { /* we rewind now at once since if we already sent something */ - return Curl_readrewind(data); + return unsafe{Curl_readrewind(data)}; } return CURLE_OK; @@ -708,42 +713,42 @@ unsafe extern "C" fn http_perhapsrewind( * picked. */ #[no_mangle] -pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcode { - let mut conn: *mut connectdata = (*data).conn; +pub extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcode { + let mut conn: *mut connectdata = unsafe{(*data).conn}; let mut pickhost: bool = false; let mut pickproxy: bool = false; let mut result: CURLcode = CURLE_OK; let mut authmask: u64 = !(0 as u64); - if ((*data).set.str_0[STRING_BEARER as i32 as usize]).is_null() { + if unsafe{((*data).set.str_0[STRING_BEARER as usize]).is_null()} { authmask &= !CURLAUTH_BEARER; } - if 100 <= (*data).req.httpcode && 199 >= (*data).req.httpcode { + if unsafe{100 <= (*data).req.httpcode && 199 >= (*data).req.httpcode} { /* this is a transient response code, ignore */ return CURLE_OK; } - if ((*data).state).authproblem() != 0 { - return (if ((*data).set).http_fail_on_error() as i32 != 0 { + if unsafe{((*data).state).authproblem() != 0} { + return (if unsafe{((*data).set).http_fail_on_error() as i32 != 0} { CURLE_HTTP_RETURNED_ERROR as i32 } else { CURLE_OK as i32 }) as CURLcode; } - if (((*conn).bits).user_passwd() as i32 != 0 - || !((*data).set.str_0[STRING_BEARER as i32 as usize]).is_null()) + if unsafe{(((*conn).bits).user_passwd() as i32 != 0 + || !((*data).set.str_0[STRING_BEARER as usize]).is_null()) && ((*data).req.httpcode == 401 - || ((*conn).bits).authneg() as i32 != 0 && (*data).req.httpcode < 300) + || ((*conn).bits).authneg() as i32 != 0 && (*data).req.httpcode < 300)} { - pickhost = pickoneauth(&mut (*data).state.authhost, authmask); + pickhost = unsafe{pickoneauth(&mut (*data).state.authhost, authmask)}; if !pickhost { - (*data).state.set_authproblem(1 as bit); + unsafe{ (*data).state.set_authproblem(1 as bit);} } - if (*data).state.authhost.picked == CURLAUTH_NTLM && (*conn).httpversion as i32 > 11 { - Curl_infof( + if unsafe{(*data).state.authhost.picked == CURLAUTH_NTLM && (*conn).httpversion as i32 > 11 }{ + unsafe{Curl_infof( data, b"Forcing HTTP/1.1 for NTLM\0" as *const u8 as *const libc::c_char, ); @@ -756,10 +761,10 @@ pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcod 1, b"Force HTTP/1.1 connection\0" as *const u8 as *const libc::c_char, ); - (*data).state.httpwant = CURL_HTTP_VERSION_1_1 as i32 as u8; + (*data).state.httpwant = CURL_HTTP_VERSION_1_1 as u8;} } } - + unsafe{ #[cfg(not(CURL_DISABLE_PROXY))] if ((*conn).bits).proxy_user_passwd() as i32 != 0 && ((*data).req.httpcode == 407 @@ -769,11 +774,11 @@ pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcod if !pickproxy { (*data).state.set_authproblem(1 as bit); } - } + }} if pickhost as i32 != 0 || pickproxy as i32 != 0 { - if (*data).state.httpreq as u32 != HTTPREQ_GET as u32 + if unsafe{(*data).state.httpreq as u32 != HTTPREQ_GET as u32 && (*data).state.httpreq as u32 != HTTPREQ_HEAD as u32 - && ((*conn).bits).rewindaftersend() == 0 + && ((*conn).bits).rewindaftersend() == 0} { result = http_perhapsrewind(data, conn); if result as u64 != 0 { @@ -786,16 +791,17 @@ pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcod /* In case this is GSS auth, the newurl field is already allocated so we must make sure to free it before allocating a new one. As figured out in bug #2284386 */ + unsafe{ Curl_cfree.expect("non-null function pointer")( (*data).req.newurl as *mut libc::c_void, ); (*data).req.newurl = 0 as *mut libc::c_char; /* clone URL */ (*data).req.newurl = - Curl_cstrdup.expect("non-null function pointer")((*data).state.url); + Curl_cstrdup.expect("non-null function pointer")((*data).state.url);} } #[cfg(CURLDEBUG)] - _ => { + _ => {unsafe{ /* In case this is GSS auth, the newurl field is already allocated so we must make sure to free it before allocating a new one. As figured out in bug #2284386 */ @@ -810,45 +816,45 @@ pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcod (*data).state.url, 627, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } } - if ((*data).req.newurl).is_null() { + if unsafe{((*data).req.newurl).is_null()} { return CURLE_OUT_OF_MEMORY; } - } else if (*data).req.httpcode < 300 + } else if unsafe{(*data).req.httpcode < 300 && ((*data).state.authhost).done() == 0 - && ((*conn).bits).authneg() as i32 != 0 + && ((*conn).bits).authneg() as i32 != 0} { /* no (known) authentication available, authentication is not "done" yet and no authentication seems to be required and we didn't try HEAD or GET */ - if (*data).state.httpreq as u32 != HTTPREQ_GET as u32 - && (*data).state.httpreq as u32 != HTTPREQ_HEAD as u32 + if unsafe{(*data).state.httpreq as u32 != HTTPREQ_GET as u32 + && (*data).state.httpreq as u32 != HTTPREQ_HEAD as u32} { #[cfg(not(CURLDEBUG))] let new_url: *mut libc::c_char = - Curl_cstrdup.expect("non-null function pointer")((*data).state.url); + unsafe{ Curl_cstrdup.expect("non-null function pointer")((*data).state.url)}; #[cfg(CURLDEBUG)] - let new_url: *mut libc::c_char = curl_dbg_strdup( + let new_url: *mut libc::c_char = unsafe{curl_dbg_strdup( (*data).state.url, 640, b"http.c\0" as *const u8 as *const libc::c_char, - ); - (*data).req.newurl = new_url; /* clone URL */ - if ((*data).req.newurl).is_null() { + )}; + unsafe{(*data).req.newurl = new_url;} /* clone URL */ + if unsafe{((*data).req.newurl).is_null()} { return CURLE_OUT_OF_MEMORY; } - (*data).state.authhost.set_done(1 as bit); + unsafe{ (*data).state.authhost.set_done(1 as bit)}; } } - if http_should_fail(data) { - Curl_failf( + if unsafe{http_should_fail(data)} { + unsafe{Curl_failf( data, b"The requested URL returned error: %d\0" as *const u8 as *const libc::c_char, (*data).req.httpcode, - ); + );} result = CURLE_HTTP_RETURNED_ERROR; } return result; @@ -859,7 +865,7 @@ pub unsafe extern "C" fn Curl_http_auth_act(mut data: *mut Curl_easy) -> CURLcod * Output the correct authentication header depending on the auth type * and whether or not it is to a proxy. */ -unsafe extern "C" fn output_auth_headers( + extern "C" fn output_auth_headers( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut authstatus: *mut auth, @@ -871,63 +877,63 @@ unsafe extern "C" fn output_auth_headers( let mut result: CURLcode = CURLE_OK; let flag1: bool = if cfg!(not(CURL_DISABLE_CRYPTO_AUTH)) { - (*authstatus).picked == CURLAUTH_AWS_SIGV4 + unsafe{(*authstatus).picked == CURLAUTH_AWS_SIGV4} } else { false }; let flag2: bool = if cfg!(USE_SPNEGO) { - (*authstatus).picked == CURLAUTH_NEGOTIATE + unsafe{ (*authstatus).picked == CURLAUTH_NEGOTIATE} } else { false }; let flag3: bool = if cfg!(USE_NTLM) { - (*authstatus).picked == CURLAUTH_NTLM + unsafe{(*authstatus).picked == CURLAUTH_NTLM} } else { false }; let flag4: bool = if cfg!(all(USE_NTLM, NTLM_WB_ENABLED)) { - (*authstatus).picked == CURLAUTH_NTLM_WB + unsafe{(*authstatus).picked == CURLAUTH_NTLM_WB} } else { false }; let flag5: bool = if cfg!(not(CURL_DISABLE_CRYPTO_AUTH)) { - (*authstatus).picked == CURLAUTH_DIGEST + unsafe{(*authstatus).picked == CURLAUTH_DIGEST} } else { false }; if flag1 { auth = b"AWS_SIGV4\0" as *const u8 as *const libc::c_char; - result = Curl_output_aws_sigv4(data, proxy); + result = unsafe{Curl_output_aws_sigv4(data, proxy)}; if result as u64 != 0 { return result; } } else if flag2 { auth = b"Negotiate\0" as *const u8 as *const libc::c_char; - result = Curl_output_negotiate(data, conn, proxy); + result = unsafe{Curl_output_negotiate(data, conn, proxy)}; if result as u64 != 0 { return result; } } else if flag3 { auth = b"NTLM\0" as *const u8 as *const libc::c_char; - result = Curl_output_ntlm(data, proxy); + result = unsafe{Curl_output_ntlm(data, proxy)}; if result as u64 != 0 { return result; } } else if flag4 { auth = b"NTLM_WB\0" as *const u8 as *const libc::c_char; - result = Curl_output_ntlm_wb(data, conn, proxy); + result = unsafe{Curl_output_ntlm_wb(data, conn, proxy)}; if result as u64 != 0 { return result; } } else if flag5 { auth = b"Digest\0" as *const u8 as *const libc::c_char; - result = Curl_output_digest(data, proxy, request as *const u8, path as *const u8); + result = unsafe{Curl_output_digest(data, proxy, request as *const u8, path as *const u8)}; if result as u64 != 0 { return result; } - } else if (*authstatus).picked == CURLAUTH_BASIC { + } else if unsafe{(*authstatus).picked == CURLAUTH_BASIC} { #[cfg(not(CURL_DISABLE_PROXY))] - let flag6: bool = proxy as i32 != 0 + let flag6: bool = unsafe{proxy as i32 != 0 && ((*conn).bits).proxy_user_passwd() as i32 != 0 && (Curl_checkProxyheaders( data, @@ -941,12 +947,12 @@ unsafe extern "C" fn output_auth_headers( data, b"Authorization\0" as *const u8 as *const libc::c_char, )) - .is_null(); + .is_null()}; #[cfg(CURL_DISABLE_PROXY)] - let flag6: bool = !proxy + let flag6: bool = unsafe{!proxy && ((*conn).bits).user_passwd() as i32 != 0 && (Curl_checkheaders(data, b"Authorization\0" as *const u8 as *const libc::c_char)) - .is_null(); + .is_null()}; if flag6 { auth = b"Basic\0" as *const u8 as *const libc::c_char; result = http_output_basic(data, proxy); @@ -957,15 +963,15 @@ unsafe extern "C" fn output_auth_headers( /* NOTE: this function should set 'done' TRUE, as the other auth functions work that way */ - (*authstatus).set_done(1 as bit); + unsafe{ (*authstatus).set_done(1 as bit);} } - if (*authstatus).picked == CURLAUTH_BEARER { + if unsafe{(*authstatus).picked == CURLAUTH_BEARER} { /* Bearer */ - if !proxy - && !((*data).set.str_0[STRING_BEARER as i32 as usize]).is_null() + if unsafe{!proxy + && !((*data).set.str_0[STRING_BEARER as usize]).is_null() && (Curl_checkheaders(data, b"Authorization\0" as *const u8 as *const libc::c_char)) - .is_null() + .is_null()} { auth = b"Bearer\0" as *const u8 as *const libc::c_char; result = http_output_bearer(data); @@ -976,9 +982,9 @@ unsafe extern "C" fn output_auth_headers( /* NOTE: this function should set 'done' TRUE, as the other auth functions work that way */ - (*authstatus).set_done(1 as bit); + unsafe{(*authstatus).set_done(1 as bit);} } - if !auth.is_null() { + if !auth.is_null() {unsafe{ #[cfg(not(CURL_DISABLE_PROXY))] Curl_infof( data, @@ -1002,7 +1008,7 @@ unsafe extern "C" fn output_auth_headers( }, ); #[cfg(CURL_DISABLE_PROXY)] - Curl_infof( + Curl_infof( data, b"Server auth using %s with user '%s'\0" as *const u8 as *const libc::c_char, auth, @@ -1012,9 +1018,9 @@ unsafe extern "C" fn output_auth_headers( b"\0" as *const u8 as *const libc::c_char }, ); - (*authstatus).set_multipass((if (*authstatus).done() == 0 { 1 } else { 0 }) as bit); + (*authstatus).set_multipass((if (*authstatus).done() == 0 { 1 } else { 0 }) as bit)}; } else { - (*authstatus).set_multipass(0 as bit); + unsafe{ (*authstatus).set_multipass(0 as bit)}; } return CURLE_OK; } @@ -1035,7 +1041,7 @@ unsafe extern "C" fn output_auth_headers( */ #[cfg(not(CURL_DISABLE_HTTP_AUTH))] #[no_mangle] -pub unsafe extern "C" fn Curl_http_output_auth( +pub extern "C" fn Curl_http_output_auth( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut request: *const libc::c_char, @@ -1048,10 +1054,10 @@ pub unsafe extern "C" fn Curl_http_output_auth( let mut authproxy: *mut auth = 0 as *mut auth; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if !data.is_null() {} else { - __assert_fail( + unsafe{__assert_fail( b"data\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 805 as libc::c_int as libc::c_uint, + 805 as u32, (*::std::mem::transmute::< &[u8; 122], &[libc::c_char; 122], @@ -1059,49 +1065,49 @@ pub unsafe extern "C" fn Curl_http_output_auth( b"CURLcode Curl_http_output_auth(struct Curl_easy *, struct connectdata *, const char *, Curl_HttpReq, const char *, _Bool)\0", )) .as_ptr(), - ); + );} } - authhost = &mut (*data).state.authhost; - authproxy = &mut (*data).state.authproxy; + authhost = unsafe{&mut (*data).state.authhost}; + authproxy = unsafe{&mut (*data).state.authproxy}; #[cfg(not(CURL_DISABLE_PROXY))] - let flag1: bool = ((*conn).bits).httpproxy() as libc::c_int != 0 - && ((*conn).bits).proxy_user_passwd() as libc::c_int != 0 - || ((*conn).bits).user_passwd() as libc::c_int != 0 - || !((*data).set.str_0[STRING_BEARER as libc::c_int as usize]).is_null(); + let flag1: bool =unsafe{ ((*conn).bits).httpproxy() as i32 != 0 + && ((*conn).bits).proxy_user_passwd() as i32 != 0 + || ((*conn).bits).user_passwd() as i32 != 0 + || !((*data).set.str_0[STRING_BEARER as usize]).is_null()}; #[cfg(CURL_DISABLE_PROXY)] - let flag1: bool = ((*conn).bits).user_passwd() as libc::c_int != 0 - || !((*data).set.str_0[STRING_BEARER as libc::c_int as usize]).is_null(); + let flag1: bool = unsafe{((*conn).bits).user_passwd() as i32 != 0 + || !((*data).set.str_0[STRING_BEARER as usize]).is_null()}; if flag1 { } else { - (*authhost).set_done(1 as libc::c_int as bit); - (*authproxy).set_done(1 as libc::c_int as bit); + unsafe{ (*authhost).set_done(1 as bit); + (*authproxy).set_done(1 as bit);} return CURLE_OK; } - if (*authhost).want != 0 && (*authhost).picked == 0 { + if unsafe{(*authhost).want != 0 && (*authhost).picked == 0} { /* The app has selected one or more methods, but none has been picked so far by a server round-trip. Then we set the picked one to the want one, and if this is one single bit it'll be used instantly. */ - (*authhost).picked = (*authhost).want; + unsafe{ (*authhost).picked = (*authhost).want;} } - if (*authproxy).want != 0 && (*authproxy).picked == 0 { + if unsafe{(*authproxy).want != 0 && (*authproxy).picked == 0} { /* The app has selected one or more methods, but none has been picked so far by a proxy round-trip. Then we set the picked one to the want one, and if this is one single bit it'll be used instantly. */ - (*authproxy).picked = (*authproxy).want; + unsafe{ (*authproxy).picked = (*authproxy).want;} } match () { #[cfg(not(CURL_DISABLE_PROXY))] /* Send proxy authentication header if needed */ _ => { - if ((*conn).bits).httpproxy() as libc::c_int != 0 - && ((*conn).bits).tunnel_proxy() == proxytunnel as bit + if unsafe{((*conn).bits).httpproxy() as i32 != 0 + && ((*conn).bits).tunnel_proxy() == proxytunnel as bit} { - result = output_auth_headers(data, conn, authproxy, request, path, 1 as libc::c_int != 0); + result = output_auth_headers(data, conn, authproxy, request, path, 1 as i32 != 0); if result as u64 != 0 { return result; } } else { - (*authproxy).set_done(1 as libc::c_int as bit); + unsafe{(*authproxy).set_done(1 as bit);} } } /* CURL_DISABLE_PROXY */ @@ -1109,38 +1115,38 @@ pub unsafe extern "C" fn Curl_http_output_auth( /* we have no proxy so let's pretend we're done authenticating with it */ _ => { - (*authproxy).set_done(1 as libc::c_int as bit); + unsafe{ (*authproxy).set_done(1 as i32 as bit);} } } #[cfg(not(CURL_DISABLE_NETRC))] - let flag2: bool = ((*data).state).this_is_a_follow() == 0 - || ((*conn).bits).netrc() as libc::c_int != 0 + let flag2: bool = unsafe{((*data).state).this_is_a_follow() == 0 + || ((*conn).bits).netrc() as i32 != 0 || ((*data).state.first_host).is_null() - || ((*data).set).allow_auth_to_other_hosts() as libc::c_int != 0 - || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0; + || ((*data).set).allow_auth_to_other_hosts() as i32 != 0 + || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0}; /* To prevent the user+password to get sent to other than the original host due to a location-follow, we do some weirdo checks here */ #[cfg(CURL_DISABLE_NETRC)] - let flag2: bool = ((*data).state).this_is_a_follow() == 0 + let flag2: bool = unsafe{((*data).state).this_is_a_follow() == 0 || ((*data).state.first_host).is_null() - || ((*data).set).allow_auth_to_other_hosts() as libc::c_int != 0 - || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0; + || ((*data).set).allow_auth_to_other_hosts() as i32 != 0 + || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0}; if flag2 { - result = output_auth_headers(data, conn, authhost, request, path, 0 as libc::c_int != 0); + result = output_auth_headers(data, conn, authhost, request, path, 0 as i32 != 0); } else { - (*authhost).set_done(1 as libc::c_int as bit); + unsafe{(*authhost).set_done(1 as bit);} } - if ((*authhost).multipass() as libc::c_int != 0 && (*authhost).done() == 0 - || (*authproxy).multipass() as libc::c_int != 0 && (*authproxy).done() == 0) - && httpreq as libc::c_uint != HTTPREQ_GET as libc::c_int as libc::c_uint - && httpreq as libc::c_uint != HTTPREQ_HEAD as libc::c_int as libc::c_uint + if unsafe{ ((*authhost).multipass() as i32 != 0 && (*authhost).done() == 0 + || (*authproxy).multipass() as i32 != 0 && (*authproxy).done() == 0) + && httpreq as u32 != HTTPREQ_GET as u32 + && httpreq as u32 != HTTPREQ_HEAD as u32} { - let ref mut fresh8 = (*conn).bits; - (*fresh8).set_authneg(1 as libc::c_int as bit); + let ref mut fresh8 = unsafe{(*conn).bits}; + (*fresh8).set_authneg(1 as bit); } else { - let ref mut fresh9 = (*conn).bits; - (*fresh9).set_authneg(0 as libc::c_int as bit); + let ref mut fresh9 = unsafe{(*conn).bits}; + (*fresh9).set_authneg(0 as bit); } return result; } @@ -1148,7 +1154,7 @@ pub unsafe extern "C" fn Curl_http_output_auth( /* when disabled */ #[cfg(CURL_DISABLE_HTTP_AUTH)] #[no_mangle] -pub unsafe extern "C" fn Curl_http_output_auth( +pub extern "C" fn Curl_http_output_auth( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut request: *const libc::c_char, @@ -1164,14 +1170,14 @@ pub unsafe extern "C" fn Curl_http_output_auth( * headers. They are dealt with both in the transfer.c main loop and in the * proxy CONNECT loop. */ -unsafe extern "C" fn is_valid_auth_separator(mut ch: libc::c_char) -> libc::c_int { - return (ch as libc::c_int == '\0' as i32 - || ch as libc::c_int == ',' as i32 - || Curl_isspace(ch as libc::c_uchar as libc::c_int) != 0) as libc::c_int; + extern "C" fn is_valid_auth_separator(mut ch: libc::c_char) -> i32 { + return (ch as i32 == '\0' as i32 + || ch as i32 == ',' as i32 + || unsafe{Curl_isspace(ch as i32) != 0}) as i32; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_input_auth( +pub extern "C" fn Curl_http_input_auth( mut data: *mut Curl_easy, mut proxy: bool, mut auth: *const libc::c_char, @@ -1179,23 +1185,23 @@ pub unsafe extern "C" fn Curl_http_input_auth( /* * This resource requires authentication */ - let mut conn: *mut connectdata = (*data).conn; + let mut conn: *mut connectdata = unsafe{(*data).conn}; #[cfg(USE_SPNEGO)] let mut negstate: *mut curlnegotiate = if proxy as i32 != 0 { - &mut (*conn).proxy_negotiate_state + unsafe{ &mut (*conn).proxy_negotiate_state} } else { - &mut (*conn).http_negotiate_state + unsafe{ &mut (*conn).http_negotiate_state} }; let mut availp: *mut u64 = 0 as *mut u64; let mut authp: *mut auth = 0 as *mut auth; if proxy { - availp = &mut (*data).info.proxyauthavail; - authp = &mut (*data).state.authproxy; + availp = unsafe{&mut (*data).info.proxyauthavail}; + authp = unsafe{&mut (*data).state.authproxy}; } else { - availp = &mut (*data).info.httpauthavail; - authp = &mut (*data).state.authhost; + availp =unsafe{ &mut (*data).info.httpauthavail}; + authp = unsafe{&mut (*data).state.authhost}; } /* @@ -1213,38 +1219,38 @@ pub unsafe extern "C" fn Curl_http_input_auth( * headers have been received but then only to a single preferred method * (bit). */ - while *auth != 0 { + while unsafe{*auth != 0 }{ #[cfg(USE_SPNEGO)] - let flag1: bool = curl_strnequal( + let flag1: bool = unsafe{curl_strnequal( b"Negotiate\0" as *const u8 as *const libc::c_char, auth, strlen(b"Negotiate\0" as *const u8 as *const libc::c_char), ) != 0 - && is_valid_auth_separator(*auth.offset(9 as i32 as isize)) != 0; + && is_valid_auth_separator(*auth.offset(9 as i32 as isize)) != 0}; #[cfg(not(USE_SPNEGO))] let flag1: bool = false; #[cfg(USE_NTLM)] - let flag2: bool = curl_strnequal( + let flag2: bool = unsafe{curl_strnequal( b"NTLM\0" as *const u8 as *const libc::c_char, auth, strlen(b"NTLM\0" as *const u8 as *const libc::c_char), ) != 0 - && is_valid_auth_separator(*auth.offset(4 as isize)) != 0; + && is_valid_auth_separator(*auth.offset(4 as isize)) != 0}; #[cfg(not(USE_NTLM))] let flag2: bool = false; #[cfg(not(CURL_DISABLE_CRYPTO_AUTH))] - let flag3: bool = curl_strnequal( + let flag3: bool = unsafe{curl_strnequal( b"Digest\0" as *const u8 as *const libc::c_char, auth, strlen(b"Digest\0" as *const u8 as *const libc::c_char), ) != 0 - && is_valid_auth_separator(*auth.offset(6 as isize)) != 0; + && is_valid_auth_separator(*auth.offset(6 as isize)) != 0}; #[cfg(CURL_DISABLE_CRYPTO_AUTH)] let flag3: bool = false; if flag1 { match () { #[cfg(USE_SPNEGO)] - _ => { + _ => {unsafe{ if (*authp).avail & (1 as u64) << 2 != 0 || Curl_auth_is_spnego_supported() as i32 != 0 { @@ -1267,7 +1273,7 @@ pub unsafe extern "C" fn Curl_http_input_auth( (*data).state.set_authproblem(1 as bit); } } - } + }} } #[cfg(not(USE_SPNEGO))] _ => {} @@ -1301,38 +1307,38 @@ pub unsafe extern "C" fn Curl_http_input_auth( // } // } } else if flag2 { - if (*authp).avail & CURLAUTH_NTLM != 0 + if unsafe{(*authp).avail & CURLAUTH_NTLM != 0 || (*authp).avail & CURLAUTH_NTLM_WB != 0 - || Curl_auth_is_ntlm_supported() as i32 != 0 + || Curl_auth_is_ntlm_supported() as i32 != 0} { - *availp |= CURLAUTH_NTLM; - (*authp).avail |= CURLAUTH_NTLM; - if (*authp).picked == CURLAUTH_NTLM || (*authp).picked == CURLAUTH_NTLM_WB { - let mut result_0: CURLcode = Curl_input_ntlm(data, proxy, auth); + unsafe{*availp |= CURLAUTH_NTLM; + (*authp).avail |= CURLAUTH_NTLM;} + if unsafe{(*authp).picked == CURLAUTH_NTLM || (*authp).picked == CURLAUTH_NTLM_WB} { + let mut result_0: CURLcode = unsafe{Curl_input_ntlm(data, proxy, auth)}; if result_0 as u64 == 0 { - (*data).state.set_authproblem(0 as bit); - if (*authp).picked == CURLAUTH_NTLM_WB { - *availp &= !CURLAUTH_NTLM; + unsafe{(*data).state.set_authproblem(0 as bit)}; + if unsafe{ (*authp).picked == CURLAUTH_NTLM_WB} { + unsafe{ *availp &= !CURLAUTH_NTLM; (*authp).avail &= !CURLAUTH_NTLM; *availp |= CURLAUTH_NTLM_WB; - (*authp).avail |= CURLAUTH_NTLM_WB; - result_0 = Curl_input_ntlm_wb(data, conn, proxy, auth); + (*authp).avail |= CURLAUTH_NTLM_WB;} + result_0 = unsafe{Curl_input_ntlm_wb(data, conn, proxy, auth)}; if result_0 as u64 != 0 { - Curl_infof( + unsafe{Curl_infof( data, b"Authentication problem. Ignoring this.\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as bit); + (*data).state.set_authproblem(1 as bit);} } } } else { - Curl_infof( + unsafe{Curl_infof( data, b"Authentication problem. Ignoring this.\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as bit); + (*data).state.set_authproblem(1 as bit);} } } } @@ -1340,88 +1346,88 @@ pub unsafe extern "C" fn Curl_http_input_auth( match () { #[cfg(not(CURL_DISABLE_CRYPTO_AUTH))] _ => { - if (*authp).avail & CURLAUTH_DIGEST != 0 as u64 { - Curl_infof( + if unsafe{(*authp).avail & CURLAUTH_DIGEST != 0 as u64} { + unsafe{Curl_infof( data, b"Ignoring duplicate digest auth header.\0" as *const u8 as *const libc::c_char, - ); - } else if Curl_auth_is_digest_supported() { + );} + } else if unsafe{Curl_auth_is_digest_supported()} { let mut result: CURLcode = CURLE_OK; - *availp |= CURLAUTH_DIGEST; - (*authp).avail |= CURLAUTH_DIGEST; + unsafe{*availp |= CURLAUTH_DIGEST; + (*authp).avail |= CURLAUTH_DIGEST;} /* We call this function on input Digest headers even if Digest * authentication isn't activated yet, as we need to store the * incoming data from this header in case we are going to use * Digest */ - result = Curl_input_digest(data, proxy, auth); + result = unsafe{Curl_input_digest(data, proxy, auth)}; if result as u64 != 0 { - Curl_infof( + unsafe{ Curl_infof( data, b"Authentication problem. Ignoring this.\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as bit); + (*data).state.set_authproblem(1 as bit);} } } } #[cfg(CURL_DISABLE_CRYPTO_AUTH)] _ => {} } - } else if curl_strnequal( + } else if unsafe{curl_strnequal( b"Basic\0" as *const u8 as *const libc::c_char, auth, strlen(b"Basic\0" as *const u8 as *const libc::c_char), ) != 0 - && is_valid_auth_separator(*auth.offset(5 as isize)) != 0 + && is_valid_auth_separator(*auth.offset(5 as isize)) != 0} { - *availp |= CURLAUTH_BASIC; - (*authp).avail |= CURLAUTH_BASIC; - if (*authp).picked == CURLAUTH_BASIC { + unsafe{ *availp |= CURLAUTH_BASIC; + (*authp).avail |= CURLAUTH_BASIC;} + if unsafe{(*authp).picked == CURLAUTH_BASIC }{ /* We asked for Basic authentication but got a 40X back anyway, which basically means our name+password isn't valid. */ - (*authp).avail = CURLAUTH_NONE; + unsafe{ (*authp).avail = CURLAUTH_NONE; Curl_infof( data, b"Authentication problem. Ignoring this.\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as bit); + (*data).state.set_authproblem(1 as bit);} } - } else if curl_strnequal( + } else if unsafe{curl_strnequal( b"Bearer\0" as *const u8 as *const libc::c_char, auth, strlen(b"Bearer\0" as *const u8 as *const libc::c_char), ) != 0 - && is_valid_auth_separator(*auth.offset(6 as isize)) != 0 + && is_valid_auth_separator(*auth.offset(6 as isize)) != 0} { - *availp |= CURLAUTH_BEARER; - (*authp).avail |= CURLAUTH_BEARER; - if (*authp).picked == CURLAUTH_BEARER { + unsafe{*availp |= CURLAUTH_BEARER; + (*authp).avail |= CURLAUTH_BEARER;} + if unsafe{ (*authp).picked == CURLAUTH_BEARER} { /* We asked for Bearer authentication but got a 40X back anyway, which basically means our token isn't valid. */ - (*authp).avail = CURLAUTH_NONE; + unsafe{(*authp).avail = CURLAUTH_NONE; Curl_infof( data, b"Authentication problem. Ignoring this.\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as bit); + (*data).state.set_authproblem(1 as bit);} } } /* there may be multiple methods on one line, so keep reading */ - while *auth as i32 != 0 && *auth as i32 != ',' as i32 { + while unsafe{ *auth as i32 != 0 && *auth as i32 != ',' as i32} { /* read up to the next comma */ - auth = auth.offset(1); + auth = unsafe{auth.offset(1)}; } - if *auth as i32 == ',' as i32 { + if unsafe{*auth as i32 == ',' as i32} { /* if we're on a comma, skip it */ - auth = auth.offset(1); + auth = unsafe{auth.offset(1)}; } - while *auth as i32 != 0 && Curl_isspace(*auth as u8 as i32) != 0 { - auth = auth.offset(1); + while unsafe{*auth as i32 != 0 && Curl_isspace(*auth as u8 as i32) != 0} { + auth = unsafe{auth.offset(1)}; } } @@ -1438,13 +1444,13 @@ pub unsafe extern "C" fn Curl_http_input_auth( * * @retval TRUE communications should not continue */ -unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { + extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { let mut httpcode: i32 = 0; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if !data.is_null() { } else { - __assert_fail( + unsafe{ __assert_fail( b"data\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1090 as u32, @@ -1452,13 +1458,13 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { b"_Bool http_should_fail(struct Curl_easy *)\0", )) .as_ptr(), - ); + );} } #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if !((*data).conn).is_null() { + if unsafe{!((*data).conn).is_null() }{ } else { - __assert_fail( + unsafe{ __assert_fail( b"data->conn\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1091 as u32, @@ -1466,16 +1472,16 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { b"_Bool http_should_fail(struct Curl_easy *)\0", )) .as_ptr(), - ); + );} } - httpcode = (*data).req.httpcode; + httpcode = unsafe{(*data).req.httpcode}; /* ** If we haven't been asked to fail on error, ** don't fail. */ - if ((*data).set).http_fail_on_error() == 0 { + if unsafe{((*data).set).http_fail_on_error() == 0} { return false; } @@ -1490,9 +1496,9 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { ** A 416 response to a resume request is presumably because the file is ** already completely downloaded and thus not actually a fail. */ - if (*data).state.resume_from != 0 + if unsafe{(*data).state.resume_from != 0 && (*data).state.httpreq as u32 == HTTPREQ_GET - && httpcode == 416 + && httpcode == 416} { return false; } @@ -1511,7 +1517,7 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if httpcode == 401 || httpcode == 407 { } else { - __assert_fail( + unsafe{ __assert_fail( b"(httpcode == 401) || (httpcode == 407)\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1126 as u32, @@ -1519,7 +1525,7 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { b"_Bool http_should_fail(struct Curl_easy *)\0", )) .as_ptr(), - ); + );} } /* @@ -1540,14 +1546,14 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { ** Either we're not authenticating, or we're supposed to ** be authenticating something else. This is an error. */ - if httpcode == 401 && ((*(*data).conn).bits).user_passwd() == 0 { + if httpcode == 401 && unsafe{((*(*data).conn).bits).user_passwd() == 0} { return true; } #[cfg(not(CURL_DISABLE_PROXY))] - if httpcode == 407 && ((*(*data).conn).bits).proxy_user_passwd() == 0 { + if httpcode == 407 && unsafe{((*(*data).conn).bits).proxy_user_passwd() == 0 }{ return true; } - return ((*data).state).authproblem() != 0; + return unsafe{((*data).state).authproblem() != 0}; } /* @@ -1559,69 +1565,69 @@ unsafe extern "C" fn http_should_fail(mut data: *mut Curl_easy) -> bool { * Returns the amount of bytes it filled the buffer with. */ #[cfg(not(USE_HYPER))] -unsafe extern "C" fn readmoredata( + extern "C" fn readmoredata( mut buffer: *mut libc::c_char, mut size: size_t, mut nitems: size_t, mut userp: *mut libc::c_void, ) -> size_t { let mut data: *mut Curl_easy = userp as *mut Curl_easy; - let mut http: *mut HTTP = (*data).req.p.http; + let mut http: *mut HTTP = unsafe{(*data).req.p.http}; let mut fullsize: size_t = size.wrapping_mul(nitems); - if (*http).postsize == 0 { + if unsafe{(*http).postsize == 0 }{ /* nothing to return */ return 0 as size_t; } /* make sure that a HTTP request is never sent away chunked! */ - (*data).req.set_forbidchunk( + unsafe{ (*data).req.set_forbidchunk( (if (*http).sending as u32 == HTTPSEND_REQUEST { 1 } else { 0 }) as bit, - ); + );} /* speed limit */ - if (*data).set.max_send_speed != 0 + if unsafe{(*data).set.max_send_speed != 0 && (*data).set.max_send_speed < fullsize as curl_off_t - && (*data).set.max_send_speed < (*http).postsize + && (*data).set.max_send_speed < (*http).postsize} { - fullsize = (*data).set.max_send_speed as size_t; - } else if (*http).postsize <= fullsize as curl_off_t { - memcpy( + fullsize =unsafe{ (*data).set.max_send_speed as size_t}; + } else if unsafe{(*http).postsize <= fullsize as curl_off_t }{ + unsafe{memcpy( buffer as *mut libc::c_void, (*http).postdata as *const libc::c_void, (*http).postsize as size_t, - ); - fullsize = (*http).postsize as size_t; + );} + fullsize = unsafe{(*http).postsize as size_t}; - if (*http).backup.postsize != 0 { + if unsafe{(*http).backup.postsize != 0} { /* move backup data into focus and continue on that */ - (*http).postdata = (*http).backup.postdata; + unsafe{(*http).postdata = (*http).backup.postdata; (*http).postsize = (*http).backup.postsize; (*data).state.fread_func = (*http).backup.fread_func; (*data).state.in_0 = (*http).backup.fread_in; (*http).sending += 1; /* move one step up */ - (*http).backup.postsize = 0 as curl_off_t; + (*http).backup.postsize = 0 as curl_off_t;} } else { - (*http).postsize = 0 as curl_off_t; + unsafe{ (*http).postsize = 0 as curl_off_t;} } return fullsize; } - memcpy( + unsafe{memcpy( buffer as *mut libc::c_void, (*http).postdata as *const libc::c_void, fullsize, ); (*http).postdata = (*http).postdata.offset(fullsize as isize); - (*http).postsize = ((*http).postsize as u64).wrapping_sub(fullsize) as curl_off_t as curl_off_t; + (*http).postsize = ((*http).postsize as u64).wrapping_sub(fullsize) as curl_off_t;} return fullsize; } @@ -1634,7 +1640,7 @@ unsafe extern "C" fn readmoredata( */ #[cfg(not(USE_HYPER))] #[no_mangle] -pub unsafe extern "C" fn Curl_buffer_send( +pub extern "C" fn Curl_buffer_send( mut in_0: *mut dynbuf, mut data: *mut Curl_easy, /* add the number of sent bytes to this @@ -1648,8 +1654,8 @@ pub unsafe extern "C" fn Curl_buffer_send( let mut result: CURLcode = CURLE_OK; let mut ptr: *mut libc::c_char = 0 as *mut libc::c_char; let mut size: size_t = 0; - let mut conn: *mut connectdata = (*data).conn; - let mut http: *mut HTTP = (*data).req.p.http; + let mut conn: *mut connectdata = unsafe{(*data).conn}; + let mut http: *mut HTTP =unsafe{ (*data).req.p.http}; let mut sendsize: size_t = 0; let mut sockfd: curl_socket_t = 0; let mut headersize: size_t = 0; @@ -1657,7 +1663,7 @@ pub unsafe extern "C" fn Curl_buffer_send( #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if socketindex <= 1 { } else { - __assert_fail( + unsafe{ __assert_fail( b"socketindex <= 1\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1240 as u32, @@ -1668,16 +1674,16 @@ pub unsafe extern "C" fn Curl_buffer_send( b"CURLcode Curl_buffer_send(struct dynbuf *, struct Curl_easy *, curl_off_t *, curl_off_t, int)\0", )) .as_ptr(), - ); + );} } - sockfd = (*conn).sock[socketindex as usize]; + sockfd = unsafe{(*conn).sock[socketindex as usize]}; /* The looping below is required since we use non-blocking sockets, but due to the circumstances we will just loop and try again and again etc */ - ptr = Curl_dyn_ptr(in_0); - size = Curl_dyn_len(in_0); + ptr = unsafe{Curl_dyn_ptr(in_0)}; + size = unsafe{Curl_dyn_len(in_0)}; headersize = size.wrapping_sub(included_body_bytes as size_t); /* the initial part that isn't body is header */ @@ -1685,7 +1691,7 @@ pub unsafe extern "C" fn Curl_buffer_send( #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if size > included_body_bytes as size_t { } else { - __assert_fail( + unsafe{ __assert_fail( b"size > (size_t)included_body_bytes\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1253 as u32, @@ -1696,34 +1702,34 @@ pub unsafe extern "C" fn Curl_buffer_send( b"CURLcode Curl_buffer_send(struct dynbuf *, struct Curl_easy *, curl_off_t *, curl_off_t, int)\0", )) .as_ptr(), - ); + );} } result = CURLE_OK; /* Curl_convert_to_network calls failf if unsuccessful */ if result as u64 != 0 { /* conversion failed, free memory and return to the caller */ - Curl_dyn_free(in_0); + unsafe{Curl_dyn_free(in_0);} return result; } #[cfg(not(CURL_DISABLE_PROXY))] - let flag: bool = ((*(*conn).handler).flags & PROTOPT_SSL != 0 + let flag: bool = unsafe{((*(*conn).handler).flags & PROTOPT_SSL != 0 || (*conn).http_proxy.proxytype as u32 == CURLPROXY_HTTPS as u32) - && (*conn).httpversion as i32 != 20; + && (*conn).httpversion as i32 != 20}; #[cfg(CURL_DISABLE_PROXY)] - let flag: bool = (*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0 - && (*conn).httpversion as i32 != 20; + let flag: bool =unsafe{ (*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0 + && (*conn).httpversion as i32 != 20}; /* Make sure this doesn't send more body bytes than what the max send speed says. The request bytes do not count to the max speed. */ if flag { - if (*data).set.max_send_speed != 0 && included_body_bytes > (*data).set.max_send_speed { - let mut overflow: curl_off_t = included_body_bytes - (*data).set.max_send_speed; + if unsafe{(*data).set.max_send_speed != 0 && included_body_bytes > (*data).set.max_send_speed} { + let mut overflow: curl_off_t = unsafe{included_body_bytes - (*data).set.max_send_speed}; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if (overflow as size_t) < size { } else { - __assert_fail( + unsafe{ __assert_fail( b"(size_t)overflow < size\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1275 as u32, @@ -1734,7 +1740,7 @@ pub unsafe extern "C" fn Curl_buffer_send( b"CURLcode Curl_buffer_send(struct dynbuf *, struct Curl_easy *, curl_off_t *, curl_off_t, int)\0", )) .as_ptr(), - ); + );} } sendsize = size.wrapping_sub(overflow as size_t); } else { @@ -1747,10 +1753,10 @@ pub unsafe extern "C" fn Curl_buffer_send( must copy the data to the uploadbuffer first, since that is the buffer we will be using if this send is retried later. */ - result = Curl_get_upload_buffer(data); + result = unsafe{Curl_get_upload_buffer(data)}; if result as u64 != 0 { /* malloc failed, free memory and return to the caller */ - Curl_dyn_free(in_0); + unsafe{Curl_dyn_free(in_0);} return result; } /* We never send more than upload_buffer_size bytes in one single chunk @@ -1758,16 +1764,16 @@ pub unsafe extern "C" fn Curl_buffer_send( needs to fit into the normal read-callback buffer later on and that buffer is using this size. */ - if sendsize > (*data).set.upload_buffer_size as size_t { - sendsize = (*data).set.upload_buffer_size as size_t; + if unsafe{sendsize > (*data).set.upload_buffer_size as size_t} { + sendsize = unsafe{(*data).set.upload_buffer_size as size_t}; } - memcpy( + unsafe{memcpy( (*data).state.ulbuf as *mut libc::c_void, ptr as *const libc::c_void, sendsize, - ); - ptr = (*data).state.ulbuf; + );} + ptr = unsafe{(*data).state.ulbuf}; } else { #[cfg(CURLDEBUG)] { @@ -1775,21 +1781,21 @@ pub unsafe extern "C" fn Curl_buffer_send( sends */ let mut p: *mut libc::c_char = - getenv(b"CURL_SMALLREQSEND\0" as *const u8 as *const libc::c_char); + unsafe{getenv(b"CURL_SMALLREQSEND\0" as *const u8 as *const libc::c_char)}; if !p.is_null() { - let mut altsize: size_t = strtoul(p, 0 as *mut *mut libc::c_char, 10); + let mut altsize: size_t = unsafe{strtoul(p, 0 as *mut *mut libc::c_char, 10)}; if altsize != 0 { sendsize = if size < altsize { size } else { altsize }; } else { sendsize = size; } - } else if (*data).set.max_send_speed != 0 - && included_body_bytes > (*data).set.max_send_speed + } else if unsafe{(*data).set.max_send_speed != 0 + && included_body_bytes > (*data).set.max_send_speed} { - let mut overflow_0: curl_off_t = included_body_bytes - (*data).set.max_send_speed; + let mut overflow_0: curl_off_t = unsafe{included_body_bytes - (*data).set.max_send_speed}; if (overflow_0 as size_t) < size { } else { - __assert_fail( + unsafe{ __assert_fail( b"(size_t)overflow < size\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1326 as u32, @@ -1800,7 +1806,7 @@ pub unsafe extern "C" fn Curl_buffer_send( b"CURLcode Curl_buffer_send(struct dynbuf *, struct Curl_easy *, curl_off_t *, curl_off_t, int)\0", )) .as_ptr(), - ); + );} } sendsize = size.wrapping_sub(overflow_0 as size_t); } else { @@ -1812,8 +1818,8 @@ pub unsafe extern "C" fn Curl_buffer_send( /* Make sure this doesn't send more body bytes than what the max send speed says. The request bytes do not count to the max speed. */ - if (*data).set.max_send_speed != 0 && included_body_bytes > (*data).set.max_send_speed { - let mut overflow_0: curl_off_t = included_body_bytes - (*data).set.max_send_speed; + if unsafe{(*data).set.max_send_speed != 0 && included_body_bytes > (*data).set.max_send_speed} { + let mut overflow_0: curl_off_t = unsafe{included_body_bytes - (*data).set.max_send_speed}; sendsize = size.wrapping_sub(overflow_0 as size_t); } else { sendsize = size; @@ -1821,13 +1827,13 @@ pub unsafe extern "C" fn Curl_buffer_send( } } - result = Curl_write( + result = unsafe{Curl_write( data, sockfd, ptr as *const libc::c_void, sendsize, &mut amount, - ); + )}; if result as u64 == 0 { /* @@ -1844,41 +1850,41 @@ pub unsafe extern "C" fn Curl_buffer_send( /* this data _may_ contain binary stuff */ let mut bodylen: size_t = (amount as u64).wrapping_sub(headlen); - Curl_debug(data, CURLINFO_HEADER_OUT, ptr, headlen); + unsafe{ Curl_debug(data, CURLINFO_HEADER_OUT, ptr, headlen);} if bodylen != 0 { /* there was body data sent beyond the initial header part, pass that on to the debug callback too */ - Curl_debug( + unsafe{ Curl_debug( data, CURLINFO_DATA_OUT, ptr.offset(headlen as isize), bodylen, - ); + );} } /* 'amount' can never be a very large value here so typecasting it so a signed 31 bit value should not cause problems even if ssize_t is 64bit */ - *bytes_written += amount; + unsafe{ *bytes_written += amount;} if !http.is_null() { /* if we sent a piece of the body here, up the byte counter for it accordingly */ - (*data).req.writebytecount = ((*data).req.writebytecount as u64).wrapping_add(bodylen) + unsafe{ (*data).req.writebytecount = ((*data).req.writebytecount as u64).wrapping_add(bodylen) as curl_off_t as curl_off_t; - Curl_pgrsSetUploadCounter(data, (*data).req.writebytecount); + Curl_pgrsSetUploadCounter(data, (*data).req.writebytecount);} if amount as size_t != size { /* The whole request could not be sent in one system call. We must queue it up and send it later when we get the chance. We must not loop here and wait until it might work again. */ - size = (size as u64).wrapping_sub(amount as u64) as size_t as size_t; + size = (size as u64).wrapping_sub(amount as u64) as size_t; - ptr = (Curl_dyn_ptr(in_0)).offset(amount as isize); + ptr = unsafe{(Curl_dyn_ptr(in_0)).offset(amount as isize)}; /* backup the currently set pointers */ - (*http).backup.fread_func = (*data).state.fread_func; + unsafe{(*http).backup.fread_func = (*data).state.fread_func; (*http).backup.fread_in = (*data).state.in_0; (*http).backup.postdata = (*http).postdata; (*http).backup.postsize = (*http).postsize; @@ -1910,11 +1916,11 @@ pub unsafe extern "C" fn Curl_buffer_send( /* this much data is remaining header: */ (*data).req.pendingheader = headersize.wrapping_sub(headlen) as curl_off_t; (*http).send_buffer = *in_0; /* copy the whole struct */ - (*http).sending = HTTPSEND_REQUEST; + (*http).sending = HTTPSEND_REQUEST;} return CURLE_OK; } - (*http).sending = HTTPSEND_BODY; + unsafe{ (*http).sending = HTTPSEND_BODY;} } else if amount as size_t != size { /* We have no continue-send mechanism now, fail. This can only happen when this function is used from the CONNECT sending function. We @@ -1926,10 +1932,10 @@ pub unsafe extern "C" fn Curl_buffer_send( return CURLE_SEND_ERROR; } } - Curl_dyn_free(in_0); + unsafe{ Curl_dyn_free(in_0); /* no remaining header data */ - (*data).req.pendingheader = 0 as curl_off_t; + (*data).req.pendingheader = 0 as curl_off_t;} return result; } @@ -1952,7 +1958,7 @@ pub extern "C" fn Curl_buffer_send( * Pass headers WITH the colon. */ #[no_mangle] -pub unsafe extern "C" fn Curl_compareheader( +pub extern "C" fn Curl_compareheader( mut headerline: *const libc::c_char, /* line to check */ mut header: *const libc::c_char, /* header keyword _with_ colon */ mut content: *const libc::c_char, /* content string to find */ @@ -1962,46 +1968,46 @@ pub unsafe extern "C" fn Curl_compareheader( * The field value MAY be preceded by any amount of LWS, though a single SP * is preferred." */ - let mut hlen: size_t = strlen(header); + let mut hlen: size_t = unsafe{strlen(header)}; let mut clen: size_t = 0; let mut len: size_t = 0; let mut start: *const libc::c_char = 0 as *const libc::c_char; let mut end: *const libc::c_char = 0 as *const libc::c_char; - if Curl_strncasecompare(headerline, header, hlen) == 0 { + if unsafe{Curl_strncasecompare(headerline, header, hlen) == 0} { return false; /* doesn't start with header */ } /* pass the header */ - start = &*headerline.offset(hlen as isize) as *const libc::c_char; + start = unsafe{&*headerline.offset(hlen as isize) as *const libc::c_char}; /* pass all whitespace */ - while *start as i32 != 0 && Curl_isspace(*start as u8 as i32) != 0 { - start = start.offset(1); + while unsafe{*start as i32 != 0 && Curl_isspace(*start as u8 as i32) != 0} { + start = unsafe{start.offset(1)}; } /* find the end of the header line */ - end = strchr(start, '\r' as i32); /* lines end with CRLF */ + end = unsafe{strchr(start, '\r' as i32)}; /* lines end with CRLF */ if end.is_null() { /* in case there's a non-standard compliant line here */ - end = strchr(start, '\n' as i32); + end = unsafe{strchr(start, '\n' as i32)}; if end.is_null() { /* hm, there's no line ending here, use the zero byte! */ - end = strchr(start, '\0' as i32); + end = unsafe{strchr(start, '\0' as i32)}; } } - len = end.offset_from(start) as i64 as size_t; /* length of the content part of the input line */ - clen = strlen(content); /* length of the word to find */ + len = unsafe{end.offset_from(start) as size_t}; /* length of the content part of the input line */ + clen = unsafe{strlen(content)}; /* length of the word to find */ /* find the content string in the rest of the line */ while len >= clen { - if Curl_strncasecompare(start, content, clen) != 0 { + if unsafe{Curl_strncasecompare(start, content, clen) != 0} { return true; /* match! */ } len = len.wrapping_sub(1); - start = start.offset(1); + start = unsafe{start.offset(1)}; } return false; /* no match */ } @@ -2011,47 +2017,47 @@ pub unsafe extern "C" fn Curl_compareheader( * the generic Curl_connect(). */ #[no_mangle] -pub unsafe extern "C" fn Curl_http_connect( +pub extern "C" fn Curl_http_connect( mut data: *mut Curl_easy, mut done: *mut bool, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; - let mut conn: *mut connectdata = (*data).conn; + let mut conn: *mut connectdata = unsafe{(*data).conn}; /* We default to persistent connections. We set this already in this connect function to make the re-use checks properly be able to check this bit. */ - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, FIRSTSOCKET); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( conn, FIRSTSOCKET, b"HTTP default\0" as *const u8 as *const libc::c_char, - ); + );} match () { #[cfg(not(CURL_DISABLE_PROXY))] _ => { /* the CONNECT procedure might not have been completed */ - result = Curl_proxy_connect(data, 0 as i32); + result = unsafe{Curl_proxy_connect(data, 0 as i32)}; if result as u64 != 0 { return result; } - if ((*conn).bits).proxy_connect_closed() != 0 { + if unsafe{ ((*conn).bits).proxy_connect_closed() != 0} { /* this is not an error, just part of the connection negotiation */ return CURLE_OK; } - if (*conn).http_proxy.proxytype as u32 == CURLPROXY_HTTPS as i32 as u32 - && !(*conn).bits.proxy_ssl_connected[0 as i32 as usize] + if unsafe{(*conn).http_proxy.proxytype as u32 == CURLPROXY_HTTPS as u32 + && !(*conn).bits.proxy_ssl_connected[0 as usize]} { return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */ } - if Curl_connect_ongoing(conn) { + if unsafe{Curl_connect_ongoing(conn)} { /* nothing else to do except wait right now - we're not done here. */ return CURLE_OK; } - if ((*data).set).haproxyprotocol() != 0 { + if unsafe{((*data).set).haproxyprotocol() != 0 }{ /* add HAProxy PROXY protocol header */ result = add_haproxy_protocol_header(data); if result as u64 != 0 { @@ -2062,14 +2068,14 @@ pub unsafe extern "C" fn Curl_http_connect( #[cfg(CURL_DISABLE_PROXY)] _ => {} } - if (*(*conn).given).protocol & CURLPROTO_HTTPS != 0 { + if unsafe{(*(*conn).given).protocol & CURLPROTO_HTTPS != 0} { /* perform SSL initialization */ result = https_connecting(data, done); if result as u64 != 0 { return result; } } else { - *done = true; + unsafe{ *done = true;} } return CURLE_OK; } @@ -2077,18 +2083,18 @@ pub unsafe extern "C" fn Curl_http_connect( /* this returns the socket to wait for in the DO and DOING state for the multi interface and then we're always _sending_ a request and thus we wait for the single socket to become writable only */ -unsafe extern "C" fn http_getsock_do( + extern "C" fn http_getsock_do( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut socks: *mut curl_socket_t, ) -> i32 { /* write mode */ - *socks.offset(0 as isize) = (*conn).sock[FIRSTSOCKET as usize]; + unsafe{*socks.offset(0 as isize) = (*conn).sock[FIRSTSOCKET as usize];} return GETSOCK_WRITESOCK(0); } #[cfg(not(CURL_DISABLE_PROXY))] -unsafe extern "C" fn add_haproxy_protocol_header(mut data: *mut Curl_easy) -> CURLcode { + extern "C" fn add_haproxy_protocol_header(mut data: *mut Curl_easy) -> CURLcode { let mut req: dynbuf = dynbuf { bufr: 0 as *mut libc::c_char, leng: 0, @@ -2101,9 +2107,9 @@ unsafe extern "C" fn add_haproxy_protocol_header(mut data: *mut Curl_easy) -> CU let mut tcp_version: *const libc::c_char = 0 as *const libc::c_char; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if !((*data).conn).is_null() { + if unsafe{!((*data).conn).is_null()} { } else { - __assert_fail( + unsafe{__assert_fail( b"data->conn\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, 1546 as u32, @@ -2111,27 +2117,27 @@ unsafe extern "C" fn add_haproxy_protocol_header(mut data: *mut Curl_easy) -> CU b"CURLcode add_haproxy_protocol_header(struct Curl_easy *)\0", )) .as_ptr(), - ); + );} } - Curl_dyn_init(&mut req, 2048 as size_t); + unsafe{Curl_dyn_init(&mut req, 2048 as size_t);} #[cfg(USE_UNIX_SOCKETS)] - let flag: bool = !((*(*data).conn).unix_domain_socket).is_null(); + let flag: bool = unsafe{!((*(*data).conn).unix_domain_socket).is_null()}; #[cfg(not(USE_UNIX_SOCKETS))] let flag: bool = false; if flag { /* the buffer is large enough to hold this! */ - result = Curl_dyn_add( + result = unsafe{Curl_dyn_add( &mut req, b"PROXY UNKNOWN\r\n\0" as *const u8 as *const libc::c_char, - ); + )}; } else { /* Emit the correct prefix for IPv6 */ - tcp_version = if ((*(*data).conn).bits).ipv6() as i32 != 0 { + tcp_version = if unsafe{((*(*data).conn).bits).ipv6() as i32 != 0 }{ b"TCP6\0" as *const u8 as *const libc::c_char } else { b"TCP4\0" as *const u8 as *const libc::c_char }; - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( &mut req as *mut dynbuf, b"PROXY %s %s %s %i %i\r\n\0" as *const u8 as *const libc::c_char, tcp_version, @@ -2139,30 +2145,30 @@ unsafe extern "C" fn add_haproxy_protocol_header(mut data: *mut Curl_easy) -> CU ((*data).info.conn_primary_ip).as_mut_ptr(), (*data).info.conn_local_port, (*data).info.conn_primary_port, - ); + )}; } if result as u64 == 0 { - result = Curl_buffer_send( + result = unsafe{Curl_buffer_send( &mut req, data, &mut (*data).info.request_size, 0 as curl_off_t, FIRSTSOCKET, - ); + )}; } return result; } #[cfg(USE_SSL)] -unsafe extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { + extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { let mut result: CURLcode = CURLE_OK; - let mut conn: *mut connectdata = (*data).conn; + let mut conn: *mut connectdata = unsafe{(*data).conn}; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if !data.is_null() && (*(*(*data).conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0 { + if unsafe{!data.is_null() && (*(*(*data).conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0} { } else { - __assert_fail( + unsafe{__assert_fail( b"(data) && (data->conn->handler->flags & (1<<0))\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, @@ -2171,17 +2177,17 @@ unsafe extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut b b"CURLcode https_connecting(struct Curl_easy *, _Bool *)\0", )) .as_ptr(), - ); + );} } #[cfg(ENABLE_QUIC)] - if (*conn).transport as u32 == TRNSPRT_QUIC as i32 as u32 { - *done = true; + if unsafe{(*conn).transport as u32 == TRNSPRT_QUIC as u32} { + unsafe{ *done = true;} return CURLE_OK; } /* perform SSL initialization for this socket */ - result = Curl_ssl_connect_nonblocking(data, conn, false, 0, done); - if result as u64 != 0 { + result = unsafe{Curl_ssl_connect_nonblocking(data, conn, false, 0, done)}; + if result as u64 != 0 {unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 1); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] @@ -2189,40 +2195,40 @@ unsafe extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut b conn, 1, b"Failed HTTPS connection\0" as *const u8 as *const libc::c_char, - ); + );} } return result; } #[cfg(not(USE_SSL))] -unsafe extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { + extern "C" fn https_connecting(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { return CURLE_COULDNT_CONNECT; } #[cfg(USE_SSL)] -unsafe extern "C" fn https_getsock( + extern "C" fn https_getsock( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut socks: *mut curl_socket_t, ) -> i32 { - if (*(*conn).handler).flags & PROTOPT_SSL != 0 { - return ((*Curl_ssl).getsock).expect("non-null function pointer")(conn, socks); + if unsafe{(*(*conn).handler).flags & PROTOPT_SSL != 0} { + return unsafe{((*Curl_ssl).getsock).expect("non-null function pointer")(conn, socks)}; } return 0; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_done( +pub extern "C" fn Curl_http_done( mut data: *mut Curl_easy, mut status: CURLcode, mut premature: bool, ) -> CURLcode { - let mut conn: *mut connectdata = (*data).conn; - let mut http: *mut HTTP = (*data).req.p.http; + let mut conn: *mut connectdata = unsafe{(*data).conn}; + let mut http: *mut HTTP = unsafe{(*data).req.p.http}; /* Clear multipass flag. If authentication isn't done yet, then it will get * a chance to be set back to true when we output the next auth header */ - (*data).state.authhost.set_multipass(0 as bit); + unsafe{(*data).state.authhost.set_multipass(0 as bit); (*data).state.authproxy.set_multipass(0 as bit); Curl_unencode_cleanup(data); @@ -2230,11 +2236,11 @@ pub unsafe extern "C" fn Curl_http_done( /* set the proper values (possibly modified on POST) */ (*conn).seek_func = (*data).set.seek_func; /* restore */ (*conn).seek_client = (*data).set.seek_client; /* restore */ - + } if http.is_null() { return CURLE_OK; } - + unsafe{ Curl_dyn_free(&mut (*http).send_buffer); Curl_http2_done(data, premature); #[cfg(any( @@ -2245,23 +2251,23 @@ pub unsafe extern "C" fn Curl_http_done( Curl_mime_cleanpart(&mut (*http).form); Curl_dyn_reset(&mut (*data).state.headerb); #[cfg(all(not(CURL_DISABLE_HTTP), USE_HYPER))] - Curl_hyper_done(data); + Curl_hyper_done(data);} if status as u64 != 0 { return status; } - if !premature /* this check is pointless when DONE is called before the + if unsafe{!premature /* this check is pointless when DONE is called before the entire operation is complete */ && ((*conn).bits).retry() == 0 && ((*data).set).connect_only() == 0 && (*data).req.bytecount + (*data).req.headerbytecount - (*data).req.deductheadercount - <= 0 as i64 + <= 0 as i64} { /* If this connection isn't simply closed to be retried, AND nothing was read from the HTTP server (that counts), this can't be right so we return an error here */ - Curl_failf( + unsafe{Curl_failf( data, b"Empty reply from server\0" as *const u8 as *const libc::c_char, ); @@ -2273,7 +2279,7 @@ pub unsafe extern "C" fn Curl_http_done( conn, 2, b"Empty reply from server\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_GOT_NOTHING; } return CURLE_OK; @@ -2289,35 +2295,35 @@ pub unsafe extern "C" fn Curl_http_done( * 1.0. */ #[no_mangle] -pub unsafe extern "C" fn Curl_use_http_1_1plus( +pub extern "C" fn Curl_use_http_1_1plus( mut data: *const Curl_easy, mut conn: *const connectdata, ) -> bool { - if (*data).state.httpversion as i32 == 10 || (*conn).httpversion as i32 == 10 { + if unsafe{(*data).state.httpversion as i32 == 10 || (*conn).httpversion as i32 == 10} { return false; } - if (*data).state.httpwant as i32 == CURL_HTTP_VERSION_1_0 as i32 - && (*conn).httpversion as i32 <= 10 + if unsafe{(*data).state.httpwant as i32 == CURL_HTTP_VERSION_1_0 as i32 + && (*conn).httpversion as i32 <= 10} { return false; } - return (*data).state.httpwant as i32 == CURL_HTTP_VERSION_NONE as i32 - || (*data).state.httpwant as i32 >= CURL_HTTP_VERSION_1_1 as i32; + return unsafe{(*data).state.httpwant as i32 == CURL_HTTP_VERSION_NONE as i32 + || (*data).state.httpwant as i32 >= CURL_HTTP_VERSION_1_1 as i32}; } #[cfg(not(USE_HYPER))] -unsafe extern "C" fn get_http_string( + extern "C" fn get_http_string( mut data: *const Curl_easy, mut conn: *const connectdata, ) -> *const libc::c_char { #[cfg(ENABLE_QUIC)] - if (*data).state.httpwant as i32 == CURL_HTTP_VERSION_3 as i32 - || (*conn).httpversion as i32 == 30 + if unsafe{(*data).state.httpwant as i32 == CURL_HTTP_VERSION_3 as i32 + || (*conn).httpversion as i32 == 30} { return b"3\0" as *const u8 as *const libc::c_char; } #[cfg(USE_NGHTTP2)] - if !((*conn).proto.httpc.h2).is_null() { + if !(unsafe{(*conn).proto.httpc.h2}).is_null() { return b"2\0" as *const u8 as *const libc::c_char; } if Curl_use_http_1_1plus(data, conn) { @@ -2327,36 +2333,36 @@ unsafe extern "C" fn get_http_string( } /* check and possibly add an Expect: header */ -unsafe extern "C" fn expect100( + extern "C" fn expect100( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut req: *mut dynbuf, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; - (*data).state.set_expect100header(0 as bit); /* default to false unless it is set + unsafe{(*data).state.set_expect100header(0 as bit);} /* default to false unless it is set to TRUE below */ - if ((*data).state).disableexpect() == 0 + if unsafe{((*data).state).disableexpect() == 0 && Curl_use_http_1_1plus(data, conn) as i32 != 0 - && ((*conn).httpversion as i32) < 20 + && ((*conn).httpversion as i32) < 20} { /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post operations (as there is one packet coming back from the web server) */ let mut ptr: *const libc::c_char = - Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char); + unsafe{Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char)}; if !ptr.is_null() { - (*data).state.set_expect100header(Curl_compareheader( + unsafe{(*data).state.set_expect100header(Curl_compareheader( ptr, b"Expect:\0" as *const u8 as *const libc::c_char, b"100-continue\0" as *const u8 as *const libc::c_char, - ) as bit); + ) as bit);} } else { - result = Curl_dyn_add( + result = unsafe{Curl_dyn_add( req, b"Expect: 100-continue\r\n\0" as *const u8 as *const libc::c_char, - ); + )}; if result as u64 == 0 { - (*data).state.set_expect100header(1 as bit); + unsafe{(*data).state.set_expect100header(1 as bit);} } } } @@ -2364,7 +2370,7 @@ unsafe extern "C" fn expect100( } #[no_mangle] -pub unsafe extern "C" fn Curl_http_compile_trailers( +pub extern "C" fn Curl_http_compile_trailers( mut trailers: *mut curl_slist, mut b: *mut dynbuf, mut handle: *mut Curl_easy, @@ -2376,9 +2382,9 @@ pub unsafe extern "C" fn Curl_http_compile_trailers( // TODO 测试通过后,把注释删掉 let flag: bool = if cfg!(CURL_DO_LINEEND_CONV) { - ((*handle).state).prefer_ascii() as i32 != 0 || ((*handle).set).crlf() as i32 != 0 + unsafe{ ((*handle).state).prefer_ascii() as i32 != 0 || ((*handle).set).crlf() as i32 != 0} } else { - ((*handle).set).crlf() as i32 != 0 + unsafe{ ((*handle).set).crlf() as i32 != 0} /* \n will become \r\n later on */ }; if flag { @@ -2390,37 +2396,37 @@ pub unsafe extern "C" fn Curl_http_compile_trailers( } while !trailers.is_null() { /* only add correctly formatted trailers */ - ptr = strchr((*trailers).data, ':' as i32); - if !ptr.is_null() && *ptr.offset(1 as isize) as i32 == ' ' as i32 { - result = Curl_dyn_add(b, (*trailers).data); + ptr = unsafe{strchr((*trailers).data, ':' as i32)}; + if unsafe{!ptr.is_null() && *ptr.offset(1 as isize) as i32 == ' ' as i32} { + result = unsafe{Curl_dyn_add(b, (*trailers).data)}; if result as u64 != 0 { return result; } - result = Curl_dyn_add(b, endofline_native); + result = unsafe{Curl_dyn_add(b, endofline_native)}; if result as u64 != 0 { return result; } } else { - Curl_infof( + unsafe{Curl_infof( handle, b"Malformatted trailing header ! Skipping trailer.\0" as *const u8 as *const libc::c_char, - ); + );} } - trailers = (*trailers).next; + trailers =unsafe{ (*trailers).next}; } - result = Curl_dyn_add(b, endofline_network); + result = unsafe{Curl_dyn_add(b, endofline_network)}; return result; } #[cfg(USE_HYPER)] #[no_mangle] -pub unsafe extern "C" fn Curl_add_custom_headers( +pub extern "C" fn Curl_add_custom_headers( mut data: *mut Curl_easy, mut is_connect: bool, mut req: *mut dynbuf, ) -> CURLcode { - let mut conn: *mut connectdata = (*data).conn; + let mut conn: *mut connectdata = unsafe{(*data).conn}; let mut ptr: *mut libc::c_char = 0 as *mut libc::c_char; let mut h: [*mut curl_slist; 2] = [0 as *mut curl_slist; 2]; let mut headers: *mut curl_slist = 0 as *mut curl_slist; @@ -2430,7 +2436,7 @@ pub unsafe extern "C" fn Curl_add_custom_headers( if is_connect { proxy = HEADER_CONNECT; } else { - proxy = (if ((*conn).bits).httpproxy() as i32 != 0 && ((*conn).bits).tunnel_proxy() == 0 { + proxy = (if unsafe{((*conn).bits).httpproxy() as i32 != 0 && ((*conn).bits).tunnel_proxy() == 0} { HEADER_PROXY as i32 } else { HEADER_SERVER as i32 @@ -2438,20 +2444,20 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } match proxy as u32 { 0 => { - h[0 as usize] = (*data).set.headers; + h[0 as usize] = unsafe{(*data).set.headers}; } 1 => { - h[0 as usize] = (*data).set.headers; - if ((*data).set).sep_headers() != 0 { - h[1 as usize] = (*data).set.proxyheaders; + h[0 as usize] = unsafe{(*data).set.headers}; + if unsafe{((*data).set).sep_headers() != 0} { + h[1 as usize] = unsafe{(*data).set.proxyheaders}; numlists += 1; } } 2 => { - if ((*data).set).sep_headers() != 0 { - h[0 as usize] = (*data).set.proxyheaders; + if unsafe{((*data).set).sep_headers() != 0 }{ + h[0 as usize] = unsafe{(*data).set.proxyheaders}; } else { - h[0 as usize] = (*data).set.headers; + h[0 as usize] = unsafe{(*data).set.headers}; } } _ => {} @@ -2461,85 +2467,85 @@ pub unsafe extern "C" fn Curl_add_custom_headers( headers = h[i as usize]; while !headers.is_null() { let mut semicolonp: *mut libc::c_char = 0 as *mut libc::c_char; - ptr = strchr((*headers).data, ':' as i32); + ptr = unsafe{strchr((*headers).data, ':' as i32)}; if ptr.is_null() { let mut optr: *mut libc::c_char = 0 as *mut libc::c_char; - ptr = strchr((*headers).data, ';' as i32); + ptr = unsafe{strchr((*headers).data, ';' as i32)}; if !ptr.is_null() { optr = ptr; - ptr = ptr.offset(1); - while *ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0 { - ptr = ptr.offset(1); + ptr = unsafe{ptr.offset(1)}; + while unsafe{*ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0} { + ptr = unsafe{ptr.offset(1)}; } - if *ptr != 0 { + if unsafe{*ptr != 0} { optr = 0 as *mut libc::c_char; } else { - ptr = ptr.offset(-1); - if *ptr as i32 == ';' as i32 { + ptr = unsafe{ptr.offset(-1)}; + if unsafe{*ptr as i32 == ';' as i32 }{ match () { #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] _ => { - semicolonp = Curl_cstrdup.expect("non-null function pointer")( + semicolonp =unsafe{ Curl_cstrdup.expect("non-null function pointer")( (*headers).data, - ); + )}; } #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] _ => { - semicolonp = curl_dbg_strdup( + semicolonp = unsafe{curl_dbg_strdup( (*headers).data, 1857 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + )}; } } if semicolonp.is_null() { - Curl_dyn_free(req); + unsafe{Curl_dyn_free(req);} return CURLE_OUT_OF_MEMORY; } - *semicolonp.offset(ptr.offset_from((*headers).data) as i64 as isize) = - ':' as i32 as libc::c_char; - optr = &mut *semicolonp + unsafe{ *semicolonp.offset(ptr.offset_from((*headers).data) as i64 as isize) = + ':' as i32 as libc::c_char;} + optr =unsafe{ &mut *semicolonp .offset(ptr.offset_from((*headers).data) as i64 as isize) - as *mut libc::c_char; + as *mut libc::c_char}; } } ptr = optr; } } if !ptr.is_null() { - ptr = ptr.offset(1); - while *ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0 { - ptr = ptr.offset(1); + ptr =unsafe{ ptr.offset(1)}; + while unsafe{*ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0 }{ + ptr = unsafe{ptr.offset(1)}; } - if *ptr as i32 != 0 || !semicolonp.is_null() { + if unsafe{*ptr as i32 != 0 || !semicolonp.is_null()} { let mut result: CURLcode = CURLE_OK; let mut compare: *mut libc::c_char = if !semicolonp.is_null() { semicolonp } else { - (*headers).data + unsafe{(*headers).data} }; - if !(!((*data).state.aptr.host).is_null() + if unsafe{!(!((*data).state.aptr.host).is_null() && curl_strnequal( b"Host:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Host:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !((*data).state.httpreq as u32 == HTTPREQ_POST_FORM as i32 as u32 + if unsafe{!((*data).state.httpreq as u32 == HTTPREQ_POST_FORM as i32 as u32 && curl_strnequal( b"Content-Type:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Content-Type:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !((*data).state.httpreq as u32 == HTTPREQ_POST_MIME as i32 as u32 + if unsafe{!((*data).state.httpreq as u32 == HTTPREQ_POST_MIME as i32 as u32 && curl_strnequal( b"Content-Type:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Content-Type:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !(((*conn).bits).authneg() as i32 != 0 + if unsafe{!(((*conn).bits).authneg() as i32 != 0 && curl_strnequal( b"Content-Length:\0" as *const u8 as *const libc::c_char, compare, @@ -2547,9 +2553,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Content-Length:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !(!((*data).state.aptr.te).is_null() + if unsafe{!(!((*data).state.aptr.te).is_null() && curl_strnequal( b"Connection:\0" as *const u8 as *const libc::c_char, compare, @@ -2557,9 +2563,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Connection:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !((*conn).httpversion as i32 >= 20 as i32 + if unsafe{!((*conn).httpversion as i32 >= 20 as i32 && curl_strnequal( b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char, @@ -2568,9 +2574,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !((curl_strnequal( + if unsafe{!((curl_strnequal( b"Authorization:\0" as *const u8 as *const libc::c_char, compare, @@ -2595,13 +2601,13 @@ pub unsafe extern "C" fn Curl_add_custom_headers( && Curl_strcasecompare( (*data).state.first_host, (*conn).host.name, - ) == 0)) + ) == 0))} { - result = Curl_hyper_header( + result = unsafe{Curl_hyper_header( data, req as *mut hyper_headers, compare, - ); + )}; } } } @@ -2611,22 +2617,22 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } if !semicolonp.is_null() { #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")( + unsafe{ Curl_cfree.expect("non-null function pointer")( semicolonp as *mut libc::c_void, - ); + );} #[cfg(CURLDEBUG)] - curl_dbg_free( + unsafe{ curl_dbg_free( semicolonp as *mut libc::c_void, 1929 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } if result as u64 != 0 { return result; } } } - headers = (*headers).next; + headers = unsafe{(*headers).next}; } i += 1; } @@ -2639,12 +2645,12 @@ const HEADER_CONNECT: u32 = 2; /* sending CONNECT to a proxy */ #[cfg(not(USE_HYPER))] #[no_mangle] -pub unsafe extern "C" fn Curl_add_custom_headers( +pub extern "C" fn Curl_add_custom_headers( mut data: *mut Curl_easy, mut is_connect: bool, mut req: *mut dynbuf, ) -> CURLcode { - let mut conn: *mut connectdata = (*data).conn; + let mut conn: *mut connectdata = unsafe{(*data).conn}; let mut ptr: *mut libc::c_char = 0 as *mut libc::c_char; let mut h: [*mut curl_slist; 2] = [0 as *mut curl_slist; 2]; let mut headers: *mut curl_slist = 0 as *mut curl_slist; @@ -2658,8 +2664,8 @@ pub unsafe extern "C" fn Curl_add_custom_headers( if is_connect { proxy = HEADER_CONNECT; } else { - proxy = (if ((*conn).bits).httpproxy() as i32 != 0 - && ((*conn).bits).tunnel_proxy() == 0 + proxy = (if unsafe{((*conn).bits).httpproxy() as i32 != 0 + && ((*conn).bits).tunnel_proxy() == 0} { HEADER_PROXY as i32 } else { @@ -2668,20 +2674,20 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } match proxy as u32 { HEADER_SERVER => { - h[0 as usize] = (*data).set.headers; + h[0 as usize] = unsafe{(*data).set.headers}; } HEADER_PROXY => { - h[0 as usize] = (*data).set.headers; - if ((*data).set).sep_headers() != 0 { - h[1 as usize] = (*data).set.proxyheaders; + h[0 as usize] = unsafe{(*data).set.headers}; + if unsafe{((*data).set).sep_headers() != 0} { + h[1 as usize] =unsafe{ (*data).set.proxyheaders}; numlists += 1; } } HEADER_CONNECT => { - if ((*data).set).sep_headers() != 0 { - h[0 as usize] = (*data).set.proxyheaders; + if unsafe{((*data).set).sep_headers() != 0} { + h[0 as usize] = unsafe{(*data).set.proxyheaders}; } else { - h[0 as usize] = (*data).set.headers; + h[0 as usize] = unsafe{(*data).set.headers}; } } _ => {} @@ -2689,7 +2695,7 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } #[cfg(CURL_DISABLE_PROXY)] _ => { - h[0 as usize] = (*data).set.headers; + h[0 as usize] = unsafe{(*data).set.headers}; } } @@ -2700,53 +2706,53 @@ pub unsafe extern "C" fn Curl_add_custom_headers( while !headers.is_null() { let mut semicolonp: *mut libc::c_char = 0 as *mut libc::c_char; - ptr = strchr((*headers).data, ':' as i32); + ptr = unsafe{strchr((*headers).data, ':' as i32)}; if ptr.is_null() { let mut optr: *mut libc::c_char = 0 as *mut libc::c_char; /* no colon, semicolon? */ - ptr = strchr((*headers).data, ';' as i32); + ptr = unsafe{strchr((*headers).data, ';' as i32)}; if !ptr.is_null() { optr = ptr; - ptr = ptr.offset(1); /* pass the semicolon */ - while *ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0 { - ptr = ptr.offset(1); + ptr = unsafe{ptr.offset(1)}; /* pass the semicolon */ + while unsafe{*ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0} { + ptr = unsafe{ptr.offset(1)}; } - if *ptr != 0 { + if unsafe{*ptr != 0} { optr = 0 as *mut libc::c_char; } else { - ptr = ptr.offset(-1); - if *ptr as i32 == ';' as i32 { + ptr = unsafe{ptr.offset(-1)}; + if unsafe{*ptr as i32 == ';' as i32} { /* this may be used for something else in the future */ match () { #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] _ => { - semicolonp = Curl_cstrdup.expect("non-null function pointer")( + semicolonp = unsafe{Curl_cstrdup.expect("non-null function pointer")( (*headers).data, - ); + )}; } #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] _ => { - semicolonp = curl_dbg_strdup( + semicolonp = unsafe{curl_dbg_strdup( (*headers).data, 1857, b"http.c\0" as *const u8 as *const libc::c_char, - ); + )}; } } if semicolonp.is_null() { /* copy the source */ #[cfg(not(USE_HYPER))] - Curl_dyn_free(req); + unsafe{Curl_dyn_free(req);} return CURLE_OUT_OF_MEMORY; } /* put a colon where the semicolon is */ - *semicolonp.offset(ptr.offset_from((*headers).data) as i64 as isize) = - ':' as i32 as libc::c_char; + unsafe{ *semicolonp.offset(ptr.offset_from((*headers).data) as i64 as isize) = + ':' as i32 as libc::c_char;} /* point at the colon */ - optr = &mut *semicolonp + optr = unsafe{&mut *semicolonp .offset(ptr.offset_from((*headers).data) as i64 as isize) - as *mut libc::c_char; + as *mut libc::c_char}; } } ptr = optr; @@ -2754,44 +2760,44 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } if !ptr.is_null() { /* we require a colon for this to be a true header */ - ptr = ptr.offset(1); - while *ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0 { - ptr = ptr.offset(1); + ptr = unsafe{ptr.offset(1)}; + while unsafe{*ptr as i32 != 0 && Curl_isspace(*ptr as u8 as i32) != 0} { + ptr = unsafe{ptr.offset(1)}; } - if *ptr as i32 != 0 || !semicolonp.is_null() { + if unsafe{*ptr as i32 != 0 || !semicolonp.is_null()} { /* only send this if the contents was non-blank or done special */ let mut result: CURLcode = CURLE_OK; let mut compare: *mut libc::c_char = if !semicolonp.is_null() { semicolonp } else { - (*headers).data + unsafe{(*headers).data} }; - if !(!((*data).state.aptr.host).is_null() && + if unsafe{!(!((*data).state.aptr.host).is_null() && /* a Host: header was sent already, don't pass on any custom Host: header as that will produce *two* in the same request! */ curl_strnequal( b"Host:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Host:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !((*data).state.httpreq as u32 == HTTPREQ_POST_FORM + if unsafe{!((*data).state.httpreq as u32 == HTTPREQ_POST_FORM /* this header (extended by formdata.c) is sent later */ && curl_strnequal( b"Content-Type:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Content-Type:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !((*data).state.httpreq as u32 == HTTPREQ_POST_MIME + if unsafe{!((*data).state.httpreq as u32 == HTTPREQ_POST_MIME /* this header is sent later */ && curl_strnequal( b"Content-Type:\0" as *const u8 as *const libc::c_char, compare, strlen(b"Content-Type:\0" as *const u8 as *const libc::c_char), - ) != 0) + ) != 0)} { - if !(((*conn).bits).authneg() as i32 != 0 + if unsafe{!(((*conn).bits).authneg() as i32 != 0 && /* while doing auth neg, don't allow the custom length since we will force length zero then */ @@ -2802,9 +2808,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Content-Length:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !(!((*data).state.aptr.te).is_null() + if unsafe{!(!((*data).state.aptr.te).is_null() && /* when asking for Transfer-Encoding, don't pass on a custom Connection: */ @@ -2815,9 +2821,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Connection:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !((*conn).httpversion as i32 >= 20 + if unsafe{!((*conn).httpversion as i32 >= 20 && /* HTTP/2 doesn't support chunked requests */ curl_strnequal( @@ -2828,9 +2834,9 @@ pub unsafe extern "C" fn Curl_add_custom_headers( b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char, ), - ) != 0) + ) != 0)} { - if !((curl_strnequal( + if unsafe{!((curl_strnequal( b"Authorization:\0" as *const u8 as *const libc::c_char, compare, @@ -2857,22 +2863,22 @@ pub unsafe extern "C" fn Curl_add_custom_headers( && Curl_strcasecompare( (*data).state.first_host, (*conn).host.name, - ) == 0)) + ) == 0))} { match () { #[cfg(USE_HYPER)] _ => { result = - Curl_hyper_header(data, req, compare); + unsafe{Curl_hyper_header(data, req, compare)}; } #[cfg(not(USE_HYPER))] _ => { - result = Curl_dyn_addf( + result =unsafe{ Curl_dyn_addf( req, b"%s\r\n\0" as *const u8 as *const libc::c_char, compare, - ); + )}; } } } @@ -2884,22 +2890,22 @@ pub unsafe extern "C" fn Curl_add_custom_headers( } if !semicolonp.is_null() { #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")( + unsafe{ Curl_cfree.expect("non-null function pointer")( semicolonp as *mut libc::c_void, - ); + );} #[cfg(CURLDEBUG)] - curl_dbg_free( + unsafe{ curl_dbg_free( semicolonp as *mut libc::c_void, 1929 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } if result as u64 != 0 { return result; } } } - headers = (*headers).next; + headers = unsafe{(*headers).next}; } i += 1; } @@ -2913,7 +2919,7 @@ const CURL_TIMECOND_LASTMOD: u32 = 3; #[cfg(all(not(CURL_DISABLE_PARSEDATE), USE_HYPER))] #[no_mangle] -pub unsafe extern "C" fn Curl_add_timecondition( +pub extern "C" fn Curl_add_timecondition( mut data: *mut Curl_easy, mut req: *mut dynbuf, ) -> CURLcode { @@ -2934,21 +2940,21 @@ pub unsafe extern "C" fn Curl_add_timecondition( let mut result: CURLcode = CURLE_OK; let mut datestr: [libc::c_char; 80] = [0; 80]; let mut condp: *const libc::c_char = 0 as *const libc::c_char; - if (*data).set.timecondition as u32 == CURL_TIMECOND_NONE as i32 as u32 { + if unsafe{(*data).set.timecondition as u32 == CURL_TIMECOND_NONE as u32} { /* no condition was asked for */ return CURLE_OK; } - result = Curl_gmtime((*data).set.timevalue, &mut keeptime); + result = unsafe{Curl_gmtime((*data).set.timevalue, &mut keeptime)}; if result as u64 != 0 { - Curl_failf( + unsafe{Curl_failf( data, b"Invalid TIMEVALUE\0" as *const u8 as *const libc::c_char, - ); + );} return result; } tm = &mut keeptime; - match (*data).set.timecondition as u32 { + match unsafe{(*data).set.timecondition as u32} { CURL_TIMECOND_IFMODSINCE => { condp = b"If-Modified-Since\0" as *const u8 as *const libc::c_char; } @@ -2960,7 +2966,7 @@ pub unsafe extern "C" fn Curl_add_timecondition( } _ => return CURLE_BAD_FUNCTION_ARGUMENT, } - if !(Curl_checkheaders(data, condp)).is_null() { + if unsafe{!(Curl_checkheaders(data, condp)).is_null()} { /* A custom header was specified; it will be sent instead. */ return CURLE_OK; } @@ -2973,7 +2979,7 @@ pub unsafe extern "C" fn Curl_add_timecondition( */ /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */ - curl_msnprintf( + unsafe{curl_msnprintf( datestr.as_mut_ptr(), ::std::mem::size_of::<[libc::c_char; 80]>() as u64, b"%s: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n\0" as *const u8 as *const libc::c_char, @@ -2989,15 +2995,15 @@ pub unsafe extern "C" fn Curl_add_timecondition( (*tm).tm_hour, (*tm).tm_min, (*tm).tm_sec, - ); + );} - result = Curl_hyper_header(data, req as *mut hyper_headers, datestr.as_mut_ptr()); + result = unsafe{Curl_hyper_header(data, req as *mut hyper_headers, datestr.as_mut_ptr())}; return result; } #[cfg(all(not(CURL_DISABLE_PARSEDATE), not(USE_HYPER)))] #[no_mangle] -pub unsafe extern "C" fn Curl_add_timecondition( +pub extern "C" fn Curl_add_timecondition( mut data: *mut Curl_easy, mut req: *mut dynbuf, ) -> CURLcode { @@ -3018,19 +3024,19 @@ pub unsafe extern "C" fn Curl_add_timecondition( let mut result: CURLcode = CURLE_OK; let mut datestr: [libc::c_char; 80] = [0; 80]; let mut condp: *const libc::c_char = 0 as *const libc::c_char; - if (*data).set.timecondition as u32 == CURL_TIMECOND_NONE as i32 as u32 { + if unsafe{(*data).set.timecondition as u32 == CURL_TIMECOND_NONE as u32 }{ return CURLE_OK; } - result = Curl_gmtime((*data).set.timevalue, &mut keeptime); + result =unsafe{ Curl_gmtime((*data).set.timevalue, &mut keeptime)}; if result as u64 != 0 { - Curl_failf( + unsafe{ Curl_failf( data, b"Invalid TIMEVALUE\0" as *const u8 as *const libc::c_char, - ); + );} return result; } tm = &mut keeptime; - match (*data).set.timecondition as u32 { + match unsafe{(*data).set.timecondition as u32} { CURL_TIMECOND_IFMODSINCE => { condp = b"If-Modified-Since\0" as *const u8 as *const libc::c_char; } @@ -3042,10 +3048,10 @@ pub unsafe extern "C" fn Curl_add_timecondition( } _ => return CURLE_BAD_FUNCTION_ARGUMENT, } - if !(Curl_checkheaders(data, condp)).is_null() { + if unsafe{!(Curl_checkheaders(data, condp)).is_null()} { return CURLE_OK; } - curl_msnprintf( + unsafe{ curl_msnprintf( datestr.as_mut_ptr(), ::std::mem::size_of::<[libc::c_char; 80]>() as u64, b"%s: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n\0" as *const u8 as *const libc::c_char, @@ -3061,14 +3067,14 @@ pub unsafe extern "C" fn Curl_add_timecondition( (*tm).tm_hour, (*tm).tm_min, (*tm).tm_sec, - ); - result = Curl_dyn_add(req, datestr.as_mut_ptr()); + );} + result = unsafe{Curl_dyn_add(req, datestr.as_mut_ptr())}; return result; } /* disabled */ #[cfg(CURL_DISABLE_PARSEDATE)] -pub unsafe extern "C" fn Curl_add_timecondition( +pub extern "C" fn Curl_add_timecondition( mut data: *mut Curl_easy, mut req: *mut dynbuf, ) -> CURLcode { @@ -3079,38 +3085,38 @@ const PROTO_FAMILY_HTTP: u32 = 1 << 0 | 1 << 1; const CURLPROTO_FTP: u32 = 1 << 2; #[no_mangle] -pub unsafe extern "C" fn Curl_http_method( +pub extern "C" fn Curl_http_method( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut method: *mut *const libc::c_char, mut reqp: *mut Curl_HttpReq, ) { - let mut httpreq: Curl_HttpReq = (*data).state.httpreq; + let mut httpreq: Curl_HttpReq = unsafe{(*data).state.httpreq}; let mut request: *const libc::c_char = 0 as *const libc::c_char; - if (*(*conn).handler).protocol + if unsafe{(*(*conn).handler).protocol & (PROTO_FAMILY_HTTP | CURLPROTO_FTP) != 0 - && ((*data).set).upload() as i32 != 0 + && ((*data).set).upload() as i32 != 0} { httpreq = HTTPREQ_PUT; } /* Now set the 'request' pointer to the proper request string */ - if !((*data).set.str_0[STRING_CUSTOMREQUEST as i32 as usize]).is_null() { - request = (*data).set.str_0[STRING_CUSTOMREQUEST as i32 as usize]; - } else if ((*data).set).opt_no_body() != 0 { + if unsafe{!((*data).set.str_0[STRING_CUSTOMREQUEST as usize]).is_null()} { + request = unsafe{(*data).set.str_0[STRING_CUSTOMREQUEST as usize]}; + } else if unsafe{((*data).set).opt_no_body() != 0} { request = b"HEAD\0" as *const u8 as *const libc::c_char; } else { #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if httpreq as u32 >= HTTPREQ_GET as i32 as u32 - && httpreq as u32 <= HTTPREQ_HEAD as i32 as u32 + if httpreq as u32 >= HTTPREQ_GET as u32 + && httpreq as u32 <= HTTPREQ_HEAD as u32 { - } else { + } else {unsafe{ __assert_fail( b"(httpreq >= HTTPREQ_GET) && (httpreq <= HTTPREQ_HEAD)\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 2041 as i32 as u32, + 2041 as u32, (*::std::mem::transmute::< &[u8; 95], &[libc::c_char; 95], @@ -3118,7 +3124,7 @@ pub unsafe extern "C" fn Curl_http_method( b"void Curl_http_method(struct Curl_easy *, struct connectdata *, const char **, Curl_HttpReq *)\0", )) .as_ptr(), - ); + );} } match httpreq as u32 { HTTPREQ_POST | HTTPREQ_POST_FORM | HTTPREQ_POST_MIME => { @@ -3135,17 +3141,18 @@ pub unsafe extern "C" fn Curl_http_method( } } } - *method = request; - *reqp = httpreq; + unsafe{*method = request; + *reqp = httpreq;} } #[no_mangle] -pub unsafe extern "C" fn Curl_http_useragent(mut data: *mut Curl_easy) -> CURLcode { +pub extern "C" fn Curl_http_useragent(mut data: *mut Curl_easy) -> CURLcode { /* The User-Agent string might have been allocated in url.c already, because it might have been used in the proxy connect, but if we have got a header with the user-agent string specified, we erase the previously made string here. */ - if !(Curl_checkheaders(data, b"User-Agent\0" as *const u8 as *const libc::c_char)).is_null() { + if unsafe{!(Curl_checkheaders(data, b"User-Agent\0" as *const u8 as *const libc::c_char)).is_null()} { + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.uagent as *mut libc::c_void, @@ -3156,19 +3163,20 @@ pub unsafe extern "C" fn Curl_http_useragent(mut data: *mut Curl_easy) -> CURLco 2072, b"http.c\0" as *const u8 as *const libc::c_char, ); - (*data).state.aptr.uagent = 0 as *mut libc::c_char; + (*data).state.aptr.uagent = 0 as *mut libc::c_char;} } return CURLE_OK; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_host( +pub extern "C" fn Curl_http_host( mut data: *mut Curl_easy, mut conn: *mut connectdata, ) -> CURLcode { let mut ptr: *const libc::c_char = 0 as *const libc::c_char; - if ((*data).state).this_is_a_follow() == 0 { + if unsafe{((*data).state).this_is_a_follow() == 0} { /* Free to avoid leaking memory on multiple requests*/ + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.first_host as *mut libc::c_void, @@ -3178,27 +3186,28 @@ pub unsafe extern "C" fn Curl_http_host( (*data).state.first_host as *mut libc::c_void, 2084, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} match () { #[cfg(not(CURLDEBUG))] _ => { - (*data).state.first_host = - Curl_cstrdup.expect("non-null function pointer")((*conn).host.name); + unsafe{(*data).state.first_host = + Curl_cstrdup.expect("non-null function pointer")((*conn).host.name);} } #[cfg(CURLDEBUG)] _ => { - (*data).state.first_host = curl_dbg_strdup( + unsafe{ (*data).state.first_host = curl_dbg_strdup( (*conn).host.name, 2086 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } } - if ((*data).state.first_host).is_null() { + if unsafe{((*data).state.first_host).is_null()} { return CURLE_OUT_OF_MEMORY; } - (*data).state.first_remote_port = (*conn).remote_port; + unsafe{ (*data).state.first_remote_port = (*conn).remote_port;} } + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")((*data).state.aptr.host as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -3207,11 +3216,11 @@ pub unsafe extern "C" fn Curl_http_host( 2092 as i32, b"http.c\0" as *const u8 as *const libc::c_char, ); - (*data).state.aptr.host = 0 as *mut libc::c_char; - ptr = Curl_checkheaders(data, b"Host\0" as *const u8 as *const libc::c_char); - if !ptr.is_null() + (*data).state.aptr.host = 0 as *mut libc::c_char;} + ptr = unsafe{Curl_checkheaders(data, b"Host\0" as *const u8 as *const libc::c_char)}; + if unsafe{!ptr.is_null() && (((*data).state).this_is_a_follow() == 0 - || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0) + || Curl_strcasecompare((*data).state.first_host, (*conn).host.name) != 0)} { match () { #[cfg(not(CURL_DISABLE_COOKIES))] @@ -3225,7 +3234,7 @@ pub unsafe extern "C" fn Curl_http_host( if cookiehost.is_null() { return CURLE_OUT_OF_MEMORY; } - if *cookiehost == 0 { + if unsafe{*cookiehost == 0 }{unsafe{ /* ignore empty data */ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(cookiehost as *mut libc::c_void); @@ -3234,31 +3243,31 @@ pub unsafe extern "C" fn Curl_http_host( cookiehost as *mut libc::c_void, 2108, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } else { /* If the host begins with '[', we start searching for the port after the bracket has been closed */ - if *cookiehost as i32 == '[' as i32 { + if unsafe{*cookiehost as i32 == '[' as i32} { let mut closingbracket: *mut libc::c_char = 0 as *mut libc::c_char; /* since the 'cookiehost' is an allocated memory area that will be freed later we cannot simply increment the pointer */ - memmove( + unsafe{ memmove( cookiehost as *mut libc::c_void, - cookiehost.offset(1 as i32 as isize) as *const libc::c_void, + cookiehost.offset(1 as isize) as *const libc::c_void, (strlen(cookiehost)).wrapping_sub(1 as u64), ); closingbracket = strchr(cookiehost, ']' as i32); if !closingbracket.is_null() { *closingbracket = 0 as libc::c_char; - } + }} } else { let mut startsearch: i32 = 0; let mut colon: *mut libc::c_char = - strchr(cookiehost.offset(startsearch as isize), ':' as i32); + unsafe{strchr(cookiehost.offset(startsearch as isize), ':' as i32)}; if !colon.is_null() { - *colon = 0 as i32 as libc::c_char; /* The host must not include an embedded port number */ + unsafe{ *colon = 0 as libc::c_char; }/* The host must not include an embedded port number */ } - } + }unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.cookiehost as *mut libc::c_void, @@ -3270,36 +3279,36 @@ pub unsafe extern "C" fn Curl_http_host( b"http.c\0" as *const u8 as *const libc::c_char, ); (*data).state.aptr.cookiehost = 0 as *mut libc::c_char; - (*data).state.aptr.cookiehost = cookiehost; + (*data).state.aptr.cookiehost = cookiehost;} } } #[cfg(CURL_DISABLE_COOKIES)] _ => {} } - if strcmp(b"Host:\0" as *const u8 as *const libc::c_char, ptr) != 0 { - (*data).state.aptr.host = curl_maprintf( + if unsafe{strcmp(b"Host:\0" as *const u8 as *const libc::c_char, ptr) != 0 }{ + unsafe{ (*data).state.aptr.host = curl_maprintf( b"Host:%s\r\n\0" as *const u8 as *const libc::c_char, - &*ptr.offset(5 as i32 as isize) as *const libc::c_char, + &*ptr.offset(5 as isize) as *const libc::c_char, ); if ((*data).state.aptr.host).is_null() { return CURLE_OUT_OF_MEMORY; - } + }} } else { /* when clearing the header */ - (*data).state.aptr.host = 0 as *mut libc::c_char; + unsafe{(*data).state.aptr.host = 0 as *mut libc::c_char;} } } else { /* When building Host: headers, we must put the host name within [brackets] if the host name is a plain IPv6-address. RFC2732-style. */ - let mut host: *const libc::c_char = (*conn).host.name; - if (*(*conn).given).protocol & CURLPROTO_HTTPS != 0 + let mut host: *const libc::c_char = unsafe{(*conn).host.name}; + if unsafe{(*(*conn).given).protocol & CURLPROTO_HTTPS != 0 && (*conn).remote_port == PORT_HTTPS || (*(*conn).given).protocol & CURLPROTO_HTTP != 0 - && (*conn).remote_port == PORT_HTTP + && (*conn).remote_port == PORT_HTTP} { /* if(HTTPS on port 443) OR (HTTP on port 80) then don't include the port number in the host string */ - (*data).state.aptr.host = curl_maprintf( + unsafe{(*data).state.aptr.host = curl_maprintf( b"Host: %s%s%s\r\n\0" as *const u8 as *const libc::c_char, if ((*conn).bits).ipv6_ip() as i32 != 0 { b"[\0" as *const u8 as *const libc::c_char @@ -3312,9 +3321,9 @@ pub unsafe extern "C" fn Curl_http_host( } else { b"\0" as *const u8 as *const libc::c_char }, - ); + );} } else { - (*data).state.aptr.host = curl_maprintf( + unsafe{(*data).state.aptr.host = curl_maprintf( b"Host: %s%s%s:%d\r\n\0" as *const u8 as *const libc::c_char, if ((*conn).bits).ipv6_ip() as i32 != 0 { b"[\0" as *const u8 as *const libc::c_char @@ -3328,10 +3337,10 @@ pub unsafe extern "C" fn Curl_http_host( b"\0" as *const u8 as *const libc::c_char }, (*conn).remote_port, - ); + );} } /* without Host: we can't make a nice request */ - if ((*data).state.aptr.host).is_null() { + if unsafe{((*data).state.aptr.host).is_null()} { return CURLE_OUT_OF_MEMORY; } } @@ -3342,23 +3351,23 @@ pub unsafe extern "C" fn Curl_http_host( * Append the request-target to the HTTP request */ #[no_mangle] -pub unsafe extern "C" fn Curl_http_target( +pub extern "C" fn Curl_http_target( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut r: *mut dynbuf, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; - let mut path: *const libc::c_char = (*data).state.up.path; - let mut query: *const libc::c_char = (*data).state.up.query; + let mut path: *const libc::c_char = unsafe{(*data).state.up.path}; + let mut query: *const libc::c_char = unsafe{ (*data).state.up.query}; - if !((*data).set.str_0[STRING_TARGET as i32 as usize]).is_null() { - path = (*data).set.str_0[STRING_TARGET as i32 as usize]; + if unsafe{!((*data).set.str_0[STRING_TARGET as usize]).is_null()} { + path = unsafe{(*data).set.str_0[STRING_TARGET as usize]}; query = 0 as *const libc::c_char; } match () { #[cfg(not(CURL_DISABLE_PROXY))] _ => { - if ((*conn).bits).httpproxy() as i32 != 0 && ((*conn).bits).tunnel_proxy() == 0 { + if unsafe{((*conn).bits).httpproxy() as i32 != 0 && ((*conn).bits).tunnel_proxy() == 0} { /* Using a proxy but does not tunnel through it */ /* The path sent to the proxy is in fact the entire URL. But if the remote @@ -3368,69 +3377,69 @@ pub unsafe extern "C" fn Curl_http_target( /* and no fragment part */ let mut uc: CURLUcode = CURLUE_OK; let mut url: *mut libc::c_char = 0 as *mut libc::c_char; - let mut h: *mut CURLU = curl_url_dup((*data).state.uh); + let mut h: *mut CURLU = unsafe{curl_url_dup((*data).state.uh)}; if h.is_null() { return CURLE_OUT_OF_MEMORY; } - if (*conn).host.dispname != (*conn).host.name as *const libc::c_char { - uc = curl_url_set(h, CURLUPART_HOST, (*conn).host.name, 0 as i32 as u32); + if unsafe{(*conn).host.dispname != (*conn).host.name as *const libc::c_char} { + uc = unsafe{curl_url_set(h, CURLUPART_HOST, (*conn).host.name, 0 as u32)}; if uc as u64 != 0 { - curl_url_cleanup(h); + unsafe{ curl_url_cleanup(h);} return CURLE_OUT_OF_MEMORY; } } - uc = curl_url_set( + uc = unsafe{curl_url_set( h, CURLUPART_FRAGMENT, 0 as *const libc::c_char, 0 as u32, - ); + )}; if uc as u64 != 0 { - curl_url_cleanup(h); + unsafe{ curl_url_cleanup(h);} return CURLE_OUT_OF_MEMORY; } - if Curl_strcasecompare( + if unsafe{Curl_strcasecompare( b"http\0" as *const u8 as *const libc::c_char, (*data).state.up.scheme, - ) != 0 + ) != 0} { /* when getting HTTP, we don't want the userinfo the URL */ - uc = curl_url_set(h, CURLUPART_USER, 0 as *const libc::c_char, 0 as i32 as u32); + uc = unsafe{curl_url_set(h, CURLUPART_USER, 0 as *const libc::c_char, 0 as u32)}; if uc as u64 != 0 { - curl_url_cleanup(h); + unsafe{curl_url_cleanup(h);} return CURLE_OUT_OF_MEMORY; } - uc = curl_url_set( + uc = unsafe{curl_url_set( h, CURLUPART_PASSWORD, 0 as *const libc::c_char, 0 as u32, - ); + )}; if uc as u64 != 0 { - curl_url_cleanup(h); + unsafe{curl_url_cleanup(h);} return CURLE_OUT_OF_MEMORY; } } /* Extract the URL to use in the request. Store in STRING_TEMP_URL for clean-up reasons if the function returns before the free() further down. */ - uc = curl_url_get(h, CURLUPART_URL, &mut url, ((1 as i32) << 1 as i32) as u32); + uc = unsafe{curl_url_get(h, CURLUPART_URL, &mut url, ((1 as i32) << 1 as i32) as u32)}; if uc as u64 != 0 { - curl_url_cleanup(h); + unsafe{ curl_url_cleanup(h);} return CURLE_OUT_OF_MEMORY; } - curl_url_cleanup(h); - result = Curl_dyn_add( + unsafe{ curl_url_cleanup(h);} + result = unsafe{Curl_dyn_add( r, - if !((*data).set.str_0[STRING_TARGET as i32 as usize]).is_null() { - (*data).set.str_0[STRING_TARGET as i32 as usize] + if !((*data).set.str_0[STRING_TARGET as usize]).is_null() { + (*data).set.str_0[STRING_TARGET as usize] } else { url }, - ); - + )}; + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(url as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -3439,25 +3448,25 @@ pub unsafe extern "C" fn Curl_http_target( 2241, b"http.c\0" as *const u8 as *const libc::c_char, ); - + } /* target or url */ if result as u64 != 0 { return result; } - if Curl_strcasecompare( + if unsafe{Curl_strcasecompare( b"ftp\0" as *const u8 as *const libc::c_char, (*data).state.up.scheme, - ) != 0 + ) != 0} { - if ((*data).set).proxy_transfer_mode() != 0 { + if unsafe{((*data).set).proxy_transfer_mode() != 0} { /* when doing ftp, append ;type= if not present */ let mut type_0: *mut libc::c_char = - strstr(path, b";type=\0" as *const u8 as *const libc::c_char); - if !type_0.is_null() + unsafe{ strstr(path, b";type=\0" as *const u8 as *const libc::c_char)}; + if unsafe{!type_0.is_null() && *type_0.offset(6 as isize) as i32 != 0 - && *type_0.offset(7 as isize) as i32 == 0 + && *type_0.offset(7 as isize) as i32 == 0} { - match Curl_raw_toupper(*type_0.offset(6 as isize)) as i32 { + match unsafe{Curl_raw_toupper(*type_0.offset(6 as isize)) as i32} { 65 | 68 | 73 => {} _ => { type_0 = 0 as *mut libc::c_char; @@ -3465,7 +3474,7 @@ pub unsafe extern "C" fn Curl_http_target( } } if type_0.is_null() { - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b";type=%c\0" as *const u8 as *const libc::c_char, if ((*data).state).prefer_ascii() as i32 != 0 { @@ -3473,7 +3482,7 @@ pub unsafe extern "C" fn Curl_http_target( } else { 'i' as i32 }, - ); + )}; if result as u64 != 0 { return result; } @@ -3481,23 +3490,23 @@ pub unsafe extern "C" fn Curl_http_target( } } } else { - result = Curl_dyn_add(r, path); + result = unsafe{Curl_dyn_add(r, path)}; if result as u64 != 0 { return result; } if !query.is_null() { - result = Curl_dyn_addf(r, b"?%s\0" as *const u8 as *const libc::c_char, query); + result = unsafe{Curl_dyn_addf(r, b"?%s\0" as *const u8 as *const libc::c_char, query)}; } } } #[cfg(CURL_DISABLE_PROXY)] _ => { - result = Curl_dyn_add(r, path); + result = unsafe{Curl_dyn_add(r, path)}; if result as u64 != 0 { return result; } if !query.is_null() { - result = Curl_dyn_addf(r, b"?%s\0" as *const u8 as *const libc::c_char, query); + result = unsafe{Curl_dyn_addf(r, b"?%s\0" as *const u8 as *const libc::c_char, query)}; } } } @@ -3505,7 +3514,7 @@ pub unsafe extern "C" fn Curl_http_target( } #[no_mangle] -pub unsafe extern "C" fn Curl_http_body( +pub extern "C" fn Curl_http_body( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut httpreq: Curl_HttpReq, @@ -3513,14 +3522,15 @@ pub unsafe extern "C" fn Curl_http_body( ) -> CURLcode { let mut result: CURLcode = CURLE_OK; let mut ptr: *const libc::c_char = 0 as *const libc::c_char; - let mut http: *mut HTTP = (*data).req.p.http; - (*http).postsize = 0 as curl_off_t; + let mut http: *mut HTTP = unsafe{(*data).req.p.http}; + unsafe{(*http).postsize = 0 as curl_off_t;} match httpreq as u32 { HTTPREQ_POST_MIME => { - (*http).sendit = &mut (*data).set.mimepost; + unsafe{(*http).sendit = &mut (*data).set.mimepost;} } HTTPREQ_POST_FORM => { + unsafe{ /* Convert the form structure into a mime structure. */ #[cfg(any( all(not(CURL_DISABLE_HTTP), not(CURL_DISABLE_MIME)), @@ -3553,30 +3563,30 @@ pub unsafe extern "C" fn Curl_http_body( if result as u64 != 0 { return result; } - (*http).sendit = &mut (*http).form; + (*http).sendit = &mut (*http).form;} } _ => { - (*http).sendit = 0 as *mut curl_mimepart; + unsafe{(*http).sendit = 0 as *mut curl_mimepart;} } } #[cfg(not(CURL_DISABLE_MIME))] - if !((*http).sendit).is_null() { + if !(unsafe{(*http).sendit}).is_null(){ let mut cthdr: *const libc::c_char = - Curl_checkheaders(data, b"Content-Type\0" as *const u8 as *const libc::c_char); + unsafe{Curl_checkheaders(data, b"Content-Type\0" as *const u8 as *const libc::c_char)}; /* Read and seek body only. */ - (*(*http).sendit).flags |= MIME_BODY_ONLY; + unsafe{(*(*http).sendit).flags |= MIME_BODY_ONLY;} /* Prepare the mime structure headers & set content type. */ if !cthdr.is_null() { - cthdr = cthdr.offset(13 as i32 as isize); - while *cthdr as i32 == ' ' as i32 { - cthdr = cthdr.offset(1); + cthdr = unsafe{cthdr.offset(13 as isize)}; + while unsafe{*cthdr as i32 == ' ' as i32} { + cthdr = unsafe{cthdr.offset(1)}; } - } else if (*(*http).sendit).kind as u32 == MIMEKIND_MULTIPART as i32 as u32 { + } else if unsafe{(*(*http).sendit).kind as u32 == MIMEKIND_MULTIPART as u32} { cthdr = b"multipart/form-data\0" as *const u8 as *const libc::c_char; } - curl_mime_headers((*http).sendit, (*data).set.headers, 0 as i32); + unsafe{ curl_mime_headers((*http).sendit, (*data).set.headers, 0 as i32);} // 好像这里其实可以不要条件编译 match () { #[cfg(any( @@ -3585,12 +3595,12 @@ pub unsafe extern "C" fn Curl_http_body( not(CURL_DISABLE_IMAP) ))] _ => { - result = Curl_mime_prepare_headers( + result = unsafe{Curl_mime_prepare_headers( (*http).sendit, cthdr, 0 as *const libc::c_char, MIMESTRATEGY_FORM, - ); + )}; } _ => { result = CURLE_NOT_BUILT_IN; @@ -3602,36 +3612,36 @@ pub unsafe extern "C" fn Curl_http_body( // 0 as *const libc::c_char, // MIMESTRATEGY_FORM, // ); - curl_mime_headers((*http).sendit, 0 as *mut curl_slist, 0 as i32); + unsafe{ curl_mime_headers((*http).sendit, 0 as *mut curl_slist, 0 as i32);} if result as u64 == 0 { - result = Curl_mime_rewind((*http).sendit); + result =unsafe{ Curl_mime_rewind((*http).sendit)}; } if result as u64 != 0 { return result; } - (*http).postsize = Curl_mime_size((*http).sendit); + unsafe{(*http).postsize = Curl_mime_size((*http).sendit);} } - ptr = Curl_checkheaders( + ptr = unsafe{Curl_checkheaders( data, b"Transfer-Encoding\0" as *const u8 as *const libc::c_char, - ); + )}; if !ptr.is_null() { /* Some kind of TE is requested, check if 'chunked' is chosen */ - (*data).req.set_upload_chunky(Curl_compareheader( + unsafe{ (*data).req.set_upload_chunky(Curl_compareheader( ptr, b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char, b"chunked\0" as *const u8 as *const libc::c_char, - ) as bit); + ) as bit);} } else { - if (*(*conn).handler).protocol & ((1 as i32) << 0 as i32 | (1 as i32) << 1 as i32) as u32 + if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 0 as i32 | (1 as i32) << 1 as i32) as u32 != 0 - && ((httpreq as u32 == HTTPREQ_POST_MIME as i32 as u32 - || httpreq as u32 == HTTPREQ_POST_FORM as i32 as u32) + && ((httpreq as u32 == HTTPREQ_POST_MIME as u32 + || httpreq as u32 == HTTPREQ_POST_FORM as u32) && (*http).postsize < 0 as i32 as i64 || (((*data).set).upload() as i32 != 0 - || httpreq as u32 == HTTPREQ_POST as i32 as u32) - && (*data).state.infilesize == -(1 as i32) as i64) - { + || httpreq as u32 == HTTPREQ_POST as u32) + && (*data).state.infilesize == -(1 as i32) as i64)} + {unsafe{ if !(((*conn).bits).authneg() != 0) { if Curl_use_http_1_1plus(data, conn) { if ((*conn).httpversion as i32) < 20 { @@ -3645,19 +3655,19 @@ pub unsafe extern "C" fn Curl_http_body( ); return CURLE_UPLOAD_FAILED; } - } + }} } else { - (*data).req.set_upload_chunky(0 as i32 as bit); + unsafe{ (*data).req.set_upload_chunky(0 as bit);} } - if ((*data).req).upload_chunky() != 0 { - *tep = b"Transfer-Encoding: chunked\r\n\0" as *const u8 as *const libc::c_char; + if unsafe{ ((*data).req).upload_chunky() != 0 }{ + unsafe{*tep = b"Transfer-Encoding: chunked\r\n\0" as *const u8 as *const libc::c_char;} } } return result; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_bodysend( +pub extern "C" fn Curl_http_bodysend( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut r: *mut dynbuf, @@ -3665,9 +3675,9 @@ pub unsafe extern "C" fn Curl_http_bodysend( ) -> CURLcode { /* Hyper always handles the body separately */ #[cfg(not(USE_HYPER))] - let mut included_body: curl_off_t = 0 as i32 as curl_off_t; + let mut included_body: curl_off_t = 0 as curl_off_t; let mut result: CURLcode = CURLE_OK; - let mut http: *mut HTTP = (*data).req.p.http; + let mut http: *mut HTTP = unsafe{(*data).req.p.http}; let mut ptr: *const libc::c_char = 0 as *const libc::c_char; /* If 'authdone' is FALSE, we must not set the write socket index to the @@ -3676,60 +3686,60 @@ pub unsafe extern "C" fn Curl_http_bodysend( match httpreq as u32 { HTTPREQ_PUT => { /* Let's PUT the data to the server! */ - if ((*conn).bits).authneg() != 0 { - (*http).postsize = 0 as curl_off_t; + if unsafe{((*conn).bits).authneg() != 0 }{ + unsafe{ (*http).postsize = 0 as curl_off_t;} } else { - (*http).postsize = (*data).state.infilesize; + unsafe{ (*http).postsize = (*data).state.infilesize;} } - if (*http).postsize != -1 as i64 + if unsafe{(*http).postsize != -1 as i64 && ((*data).req).upload_chunky() == 0 && (((*conn).bits).authneg() as i32 != 0 || (Curl_checkheaders( data, b"Content-Length\0" as *const u8 as *const libc::c_char, )) - .is_null()) + .is_null())} { /* only add Content-Length if not uploading chunked */ - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"Content-Length: %ld\r\n\0" as *const u8 as *const libc::c_char, (*http).postsize, - ); + )}; if result as u64 != 0 { return result; } } - if (*http).postsize != 0 { - result = expect100(data, conn, r); + if unsafe{(*http).postsize != 0 }{ + result = unsafe{expect100(data, conn, r)}; if result as u64 != 0 { return result; } } - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } /* set the upload size to the progress meter */ - Curl_pgrsSetUploadSize(data, (*http).postsize); + unsafe{Curl_pgrsSetUploadSize(data, (*http).postsize);} /* this sends the buffer and frees all the buffer resources */ - result = Curl_buffer_send( + result = unsafe{Curl_buffer_send( r, data, &mut (*data).info.request_size, 0 as curl_off_t, 0, - ); + )}; /* this sends the buffer and frees all the buffer resources */ if result as u64 != 0 { - Curl_failf( + unsafe{ Curl_failf( data, b"Failed sending PUT request\0" as *const u8 as *const libc::c_char, - ); + )}; } else { /* prepare for transfer */ - Curl_setup_transfer( + unsafe{ Curl_setup_transfer( data, 0, -1 as curl_off_t, @@ -3739,7 +3749,7 @@ pub unsafe extern "C" fn Curl_http_bodysend( } else { -1 }, - ); + );} } if result as u64 != 0 { return result; @@ -3747,60 +3757,60 @@ pub unsafe extern "C" fn Curl_http_bodysend( } HTTPREQ_POST_FORM | HTTPREQ_POST_MIME => { /* This is form posting using mime data. */ - if ((*conn).bits).authneg() != 0 { + if unsafe{((*conn).bits).authneg() != 0 }{ /* nothing to post! */ - result = Curl_dyn_add( + result = unsafe{Curl_dyn_add( r, b"Content-Length: 0\r\n\r\n\0" as *const u8 as *const libc::c_char, - ); + )}; if result as u64 != 0 { return result; } - result = Curl_buffer_send( + result = unsafe{Curl_buffer_send( r, data, &mut (*data).info.request_size, 0 as curl_off_t, 0, - ); + )}; if result as u64 != 0 { - Curl_failf( + unsafe{Curl_failf( data, b"Failed sending POST request\0" as *const u8 as *const libc::c_char, - ); + );} } else { - Curl_setup_transfer( + unsafe{Curl_setup_transfer( data, 0, -1 as curl_off_t, true, -1, - ); + );} } } else { - (*data).state.infilesize = (*http).postsize; + unsafe{ (*data).state.infilesize = (*http).postsize;} /* We only set Content-Length and allow a custom Content-Length if we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ - if (*http).postsize != -1 as i64 + if unsafe{(*http).postsize != -1 as i64 && ((*data).req).upload_chunky() == 0 && (((*conn).bits).authneg() as i32 != 0 || (Curl_checkheaders( data, b"Content-Length\0" as *const u8 as *const libc::c_char, )) - .is_null()) + .is_null())} { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"Content-Length: %ld\r\n\0" as *const u8 as *const libc::c_char, (*http).postsize, - ); + )}; if result as u64 != 0 { return result; } @@ -3808,17 +3818,17 @@ pub unsafe extern "C" fn Curl_http_bodysend( // TODO 测试过了就把注释删咯 if cfg!(not(CURL_DISABLE_MIME)) { let mut hdr: *mut curl_slist = 0 as *mut curl_slist; - hdr = (*(*http).sendit).curlheaders; + hdr =unsafe{ (*(*http).sendit).curlheaders}; while !hdr.is_null() { - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"%s\r\n\0" as *const u8 as *const libc::c_char, (*hdr).data, - ); + )}; if result as u64 != 0 { return result; } - hdr = (*hdr).next; + hdr = unsafe{(*hdr).next}; } } // #[cfg(not(CURL_DISABLE_MIME))] @@ -3842,33 +3852,33 @@ pub unsafe extern "C" fn Curl_http_bodysend( sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char); + ptr = unsafe{Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char)}; if !ptr.is_null() { - (*data).state.set_expect100header(Curl_compareheader( + unsafe{ (*data).state.set_expect100header(Curl_compareheader( ptr, b"Expect:\0" as *const u8 as *const libc::c_char, b"100-continue\0" as *const u8 as *const libc::c_char, - ) as bit); + ) as bit);} - } else if (*http).postsize > EXPECT_100_THRESHOLD - || (*http).postsize < 0 as i64 + } else if unsafe{(*http).postsize > EXPECT_100_THRESHOLD + || (*http).postsize < 0 as i64} { /* make the request end in a true CRLF */ - result = expect100(data, conn, r); + result = unsafe{expect100(data, conn, r)}; if result as u64 != 0 { return result; } } else { - (*data).state.set_expect100header(0 as bit); + unsafe{(*data).state.set_expect100header(0 as bit);} } - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } /* set the upload size to the progress meter */ - Curl_pgrsSetUploadSize(data, (*http).postsize); - let ref mut fresh51 = (*data).state.fread_func; + unsafe{ Curl_pgrsSetUploadSize(data, (*http).postsize);} + let ref mut fresh51 = unsafe{(*data).state.fread_func}; // TODO 这里也有条件编译 match () { #[cfg(any( @@ -3877,7 +3887,7 @@ pub unsafe extern "C" fn Curl_http_bodysend( not(CURL_DISABLE_IMAP) ))] _ => { - *fresh51 = ::std::mem::transmute::< + *fresh51 = unsafe{::std::mem::transmute::< Option< unsafe extern "C" fn( *mut libc::c_char, @@ -3895,7 +3905,7 @@ pub unsafe extern "C" fn Curl_http_bodysend( size_t, *mut libc::c_void, ) -> size_t, - )); + ))}; } _ => { // TODO @@ -3922,26 +3932,26 @@ pub unsafe extern "C" fn Curl_http_bodysend( // )); /* Read from mime structure. */ - (*data).state.in_0 = (*http).sendit as *mut libc::c_void; - (*http).sending = HTTPSEND_BODY; + unsafe{(*data).state.in_0 = (*http).sendit as *mut libc::c_void; + (*http).sending = HTTPSEND_BODY;} /* this sends the buffer and frees all the buffer resources */ - result = Curl_buffer_send( + result =unsafe{ Curl_buffer_send( r, data, &mut (*data).info.request_size, 0 as curl_off_t, 0, - ); + )}; if result as u64 != 0 { - Curl_failf( + unsafe{ Curl_failf( data, b"Failed sending POST request\0" as *const u8 as *const libc::c_char, - ); + )}; } else { /* prepare for transfer */ - Curl_setup_transfer( + unsafe{ Curl_setup_transfer( data, FIRSTSOCKET, -1 as curl_off_t, @@ -3951,7 +3961,7 @@ pub unsafe extern "C" fn Curl_http_bodysend( } else { -1 }, - ); + );} } if result as u64 != 0 { return result; @@ -3961,44 +3971,44 @@ pub unsafe extern "C" fn Curl_http_bodysend( HTTPREQ_POST => { /* this is the simple POST, using x-www-form-urlencoded style */ - if ((*conn).bits).authneg() != 0 { - (*http).postsize = 0 as curl_off_t; + if unsafe{((*conn).bits).authneg() != 0} { + unsafe{(*http).postsize = 0 as curl_off_t;} } else { /* the size of the post body */ - (*http).postsize = (*data).state.infilesize; + unsafe{(*http).postsize = (*data).state.infilesize;} } /* We only set Content-Length and allow a custom Content-Length if we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ - if (*http).postsize != -1 as i64 + if unsafe{(*http).postsize != -1 as i64 && ((*data).req).upload_chunky() == 0 && (((*conn).bits).authneg() as i32 != 0 || (Curl_checkheaders( data, b"Content-Length\0" as *const u8 as *const libc::c_char, )) - .is_null()) + .is_null())} { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"Content-Length: %ld\r\n\0" as *const u8 as *const libc::c_char, (*http).postsize, - ); + )}; if result as u64 != 0 { return result; } } - if (Curl_checkheaders(data, b"Content-Type\0" as *const u8 as *const libc::c_char)) - .is_null() + if unsafe{(Curl_checkheaders(data, b"Content-Type\0" as *const u8 as *const libc::c_char)) + .is_null()} { - result = Curl_dyn_add( + result =unsafe{ Curl_dyn_add( r, b"Content-Type: application/x-www-form-urlencoded\r\n\0" as *const u8 as *const libc::c_char, - ); + )}; if result as u64 != 0 { return result; } @@ -4008,75 +4018,75 @@ pub unsafe extern "C" fn Curl_http_bodysend( the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char); - if !ptr.is_null() { + ptr =unsafe{ Curl_checkheaders(data, b"Expect\0" as *const u8 as *const libc::c_char)}; + if !ptr.is_null() {unsafe{ (*data).state.set_expect100header(Curl_compareheader( ptr, b"Expect:\0" as *const u8 as *const libc::c_char, b"100-continue\0" as *const u8 as *const libc::c_char, - ) as bit); - } else if (*http).postsize > EXPECT_100_THRESHOLD - || (*http).postsize < 0 as i64 + ) as bit);} + } else if unsafe{(*http).postsize > EXPECT_100_THRESHOLD + || (*http).postsize < 0 as i64} { - result = expect100(data, conn, r); + result = unsafe{expect100(data, conn, r)}; if result as u64 != 0 { return result; } } else { - (*data).state.set_expect100header(0 as bit); + unsafe{(*data).state.set_expect100header(0 as bit);} } // TODO 测试通过了就把match删咯 let flag: bool = if cfg!(not(USE_HYPER)) { - !((*data).set.postfields).is_null() + unsafe{!((*data).set.postfields).is_null()} } else { false }; if flag { - if (*conn).httpversion as i32 != 20 + if unsafe{(*conn).httpversion as i32 != 20 && ((*data).state).expect100header() == 0 - && (*http).postsize < (64 * 1024) as i64 + && (*http).postsize < (64 * 1024) as i64} { /* make the request end in a true CRLF */ - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } - if ((*data).req).upload_chunky() == 0 { + if unsafe{((*data).req).upload_chunky() == 0 }{ result = - Curl_dyn_addn(r, (*data).set.postfields, (*http).postsize as size_t); - included_body = (*http).postsize; + unsafe{Curl_dyn_addn(r, (*data).set.postfields, (*http).postsize as size_t)}; + included_body = unsafe{(*http).postsize}; } else { - if (*http).postsize != 0 { + if unsafe{(*http).postsize != 0} { let mut chunk: [libc::c_char; 16] = [0; 16]; - curl_msnprintf( + unsafe{curl_msnprintf( chunk.as_mut_ptr(), ::std::mem::size_of::<[libc::c_char; 16]>() as u64, b"%x\r\n\0" as *const u8 as *const libc::c_char, (*http).postsize as i32, - ); - result = Curl_dyn_add(r, chunk.as_mut_ptr()); + );} + result = unsafe{Curl_dyn_add(r, chunk.as_mut_ptr())}; if result as u64 == 0 { - included_body = ((*http).postsize as u64) + included_body = unsafe{((*http).postsize as u64) .wrapping_add(strlen(chunk.as_mut_ptr())) - as curl_off_t; - result = Curl_dyn_addn( + as curl_off_t}; + result =unsafe{Curl_dyn_addn( r, (*data).set.postfields, (*http).postsize as size_t, - ); + )}; if result as u64 == 0 { - result = Curl_dyn_add( + result = unsafe{Curl_dyn_add( r, b"\r\n\0" as *const u8 as *const libc::c_char, - ); + )}; } - included_body += 2 as i32 as i64; + included_body += 2 as i64; } } if result as u64 == 0 { result = - Curl_dyn_add(r, b"0\r\n\r\n\0" as *const u8 as *const libc::c_char); - included_body += 5 as i32 as i64; + unsafe{Curl_dyn_add(r, b"0\r\n\r\n\0" as *const u8 as *const libc::c_char)}; + included_body += 5 as i64; } } if result as u64 != 0 { @@ -4084,9 +4094,9 @@ pub unsafe extern "C" fn Curl_http_bodysend( } /* set the upload size to the progress meter */ - Curl_pgrsSetUploadSize(data, (*http).postsize); + unsafe{ Curl_pgrsSetUploadSize(data, (*http).postsize);} } else { - (*http).postdata = (*data).set.postfields as *const libc::c_char; + unsafe{ (*http).postdata = (*data).set.postfields as *const libc::c_char; (*http).sending = HTTPSEND_BODY; (*data).state.fread_func = ::std::mem::transmute::< Option< @@ -4108,39 +4118,39 @@ pub unsafe extern "C" fn Curl_http_bodysend( ) -> size_t, )); (*data).state.in_0 = data as *mut libc::c_void; - Curl_pgrsSetUploadSize(data, (*http).postsize); - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + Curl_pgrsSetUploadSize(data, (*http).postsize);} + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } } } else { /* make the request end in a true CRLF */ - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result =unsafe{ Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } - if ((*data).req).upload_chunky() as i32 != 0 && ((*conn).bits).authneg() as i32 != 0 + if unsafe{((*data).req).upload_chunky() as i32 != 0 && ((*conn).bits).authneg() as i32 != 0} { - result = Curl_dyn_add( + result = unsafe{Curl_dyn_add( r, b"0\r\n\r\n\0" as *const u8 as *const libc::c_char as *mut libc::c_char, - ); + )}; if result as u64 != 0 { return result; } - } else if (*data).state.infilesize != 0 { - Curl_pgrsSetUploadSize( + } else if unsafe{(*data).state.infilesize != 0 }{ + unsafe{ Curl_pgrsSetUploadSize( data, if (*http).postsize != 0 { (*http).postsize } else { -1 as i64 }, - ); - if ((*conn).bits).authneg() == 0 { - (*http).postdata = - &mut (*http).postdata as *mut *const libc::c_char as *mut libc::c_char; + );} + if unsafe{((*conn).bits).authneg() == 0} { + unsafe{ (*http).postdata = + &mut (*http).postdata as *mut *const libc::c_char as *mut libc::c_char;} } } } @@ -4297,20 +4307,20 @@ pub unsafe extern "C" fn Curl_http_bodysend( // } /* this sends the buffer and frees all the buffer resources */ - result = Curl_buffer_send( + result = unsafe{Curl_buffer_send( r, data, &mut (*data).info.request_size, included_body, 0, - ); + )}; if result as u64 != 0 { - Curl_failf( + unsafe{ Curl_failf( data, b"Failed sending HTTP POST request\0" as *const u8 as *const libc::c_char, - ); + );} } else { - Curl_setup_transfer( + unsafe{Curl_setup_transfer( data, 0, -1 as curl_off_t, @@ -4320,34 +4330,34 @@ pub unsafe extern "C" fn Curl_http_bodysend( } else { -1 }, - ); + );} } } _ => { - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { return result; } - result = Curl_buffer_send( + result = unsafe{Curl_buffer_send( r, data, &mut (*data).info.request_size, 0 as curl_off_t, 0, - ); + )}; if result as u64 != 0 { - Curl_failf( + unsafe{ Curl_failf( data, b"Failed sending HTTP request\0" as *const u8 as *const libc::c_char, - ); + );} } else { - Curl_setup_transfer( + unsafe{Curl_setup_transfer( data, 0, -1 as curl_off_t, true, -1, - ); + );} } } } @@ -4356,54 +4366,54 @@ pub unsafe extern "C" fn Curl_http_bodysend( #[cfg(not(CURL_DISABLE_COOKIES))] #[no_mangle] -pub unsafe extern "C" fn Curl_http_cookies( +pub extern "C" fn Curl_http_cookies( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut r: *mut dynbuf, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; let mut addcookies: *mut libc::c_char = 0 as *mut libc::c_char; - if !((*data).set.str_0[STRING_COOKIE as i32 as usize]).is_null() - && (Curl_checkheaders(data, b"Cookie\0" as *const u8 as *const libc::c_char)).is_null() + if unsafe{!((*data).set.str_0[STRING_COOKIE as usize]).is_null() + && (Curl_checkheaders(data, b"Cookie\0" as *const u8 as *const libc::c_char)).is_null()} { - addcookies = (*data).set.str_0[STRING_COOKIE as i32 as usize]; + addcookies = unsafe{(*data).set.str_0[STRING_COOKIE as usize]}; } - if !((*data).cookies).is_null() || !addcookies.is_null() { + if unsafe{!((*data).cookies).is_null() || !addcookies.is_null()} { let mut co: *mut Cookie = 0 as *mut Cookie; let mut count: i32 = 0 as i32; - if !((*data).cookies).is_null() && ((*data).state).cookie_engine() as i32 != 0 { - let mut host: *const libc::c_char = if !((*data).state.aptr.cookiehost).is_null() { + if unsafe{!((*data).cookies).is_null() && ((*data).state).cookie_engine() as i32 != 0 }{ + let mut host: *const libc::c_char = unsafe{if !((*data).state.aptr.cookiehost).is_null() { (*data).state.aptr.cookiehost } else { (*conn).host.name - }; + }}; let secure_context: bool = - if (*(*conn).handler).protocol & ((1 as i32) << 1 as i32) as u32 != 0 + if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 1 as i32) as u32 != 0 || Curl_strcasecompare(b"localhost\0" as *const u8 as *const libc::c_char, host) != 0 || strcmp(host, b"127.0.0.1\0" as *const u8 as *const libc::c_char) == 0 - || strcmp(host, b"[::1]\0" as *const u8 as *const libc::c_char) == 0 + || strcmp(host, b"[::1]\0" as *const u8 as *const libc::c_char) == 0} { 1 } else { 0 } != 0; - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + unsafe{ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); co = Curl_cookie_getlist((*data).cookies, host, (*data).state.up.path, secure_context); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);} } if !co.is_null() { let mut store: *mut Cookie = co; /* now loop through all cookies that matched */ while !co.is_null() { - if !((*co).value).is_null() { + if unsafe{!((*co).value).is_null()} { if 0 as i32 == count { - result = Curl_dyn_add(r, b"Cookie: \0" as *const u8 as *const libc::c_char); + result =unsafe{ Curl_dyn_add(r, b"Cookie: \0" as *const u8 as *const libc::c_char)}; if result as u64 != 0 { break; } } - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"%s%s=%s\0" as *const u8 as *const libc::c_char, if count != 0 { @@ -4413,23 +4423,23 @@ pub unsafe extern "C" fn Curl_http_cookies( }, (*co).name, (*co).value, - ); + )}; if result as u64 != 0 { break; } count += 1; } - co = (*co).next; + co = unsafe{(*co).next}; } - Curl_cookie_freelist(store); + unsafe{ Curl_cookie_freelist(store);} } if !addcookies.is_null() && result as u64 == 0 { if count == 0 { - result = Curl_dyn_add(r, b"Cookie: \0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"Cookie: \0" as *const u8 as *const libc::c_char)}; } if result as u64 == 0 { - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( r, b"%s%s\0" as *const u8 as *const libc::c_char, if count != 0 { @@ -4438,12 +4448,12 @@ pub unsafe extern "C" fn Curl_http_cookies( b"\0" as *const u8 as *const libc::c_char }, addcookies, - ); + )}; count += 1; } } if count != 0 && result as u64 == 0 { - result = Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char); + result = unsafe{Curl_dyn_add(r, b"\r\n\0" as *const u8 as *const libc::c_char)}; } if result as u64 != 0 { return result; @@ -4453,7 +4463,7 @@ pub unsafe extern "C" fn Curl_http_cookies( } #[cfg(CURL_DISABLE_COOKIES)] #[no_mangle] -pub unsafe extern "C" fn Curl_http_cookies( +pub extern "C" fn Curl_http_cookies( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut r: *mut dynbuf, @@ -4461,15 +4471,15 @@ pub unsafe extern "C" fn Curl_http_cookies( return CURLE_OK; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_range( +pub extern "C" fn Curl_http_range( mut data: *mut Curl_easy, mut httpreq: Curl_HttpReq, ) -> CURLcode { - if ((*data).state).use_range() != 0 { - if (httpreq as u32 == HTTPREQ_GET as i32 as u32 - || httpreq as u32 == HTTPREQ_HEAD as i32 as u32) - && (Curl_checkheaders(data, b"Range\0" as *const u8 as *const libc::c_char)).is_null() - { + if unsafe{((*data).state).use_range() != 0} { + if (httpreq as u32 == HTTPREQ_GET as u32 + || httpreq as u32 == HTTPREQ_HEAD as u32) + && unsafe{(Curl_checkheaders(data, b"Range\0" as *const u8 as *const libc::c_char)).is_null()} + {unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.rangeline as *mut libc::c_void, @@ -4483,12 +4493,12 @@ pub unsafe extern "C" fn Curl_http_range( (*data).state.aptr.rangeline = curl_maprintf( b"Range: bytes=%s\r\n\0" as *const u8 as *const libc::c_char, (*data).state.range, - ); - } else if (httpreq as u32 == HTTPREQ_POST as i32 as u32 - || httpreq as u32 == HTTPREQ_PUT as i32 as u32) - && (Curl_checkheaders(data, b"Content-Range\0" as *const u8 as *const libc::c_char)) - .is_null() - { + );} + } else if (httpreq as u32 == HTTPREQ_POST as u32 + || httpreq as u32 == HTTPREQ_PUT as u32) + && unsafe{(Curl_checkheaders(data, b"Content-Range\0" as *const u8 as *const libc::c_char)) + .is_null()} + {unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.rangeline as *mut libc::c_void, @@ -4499,10 +4509,10 @@ pub unsafe extern "C" fn Curl_http_range( 2784 as i32, b"http.c\0" as *const u8 as *const libc::c_char, ); - if (*data).set.set_resume_from < 0 as i32 as i64 { + if (*data).set.set_resume_from < 0 as i64 { (*data).state.aptr.rangeline = curl_maprintf( b"Content-Range: bytes 0-%ld/%ld\r\n\0" as *const u8 as *const libc::c_char, - (*data).state.infilesize - 1 as i32 as i64, + (*data).state.infilesize - 1 as i64, (*data).state.infilesize, ); } else if (*data).state.resume_from != 0 { @@ -4511,7 +4521,7 @@ pub unsafe extern "C" fn Curl_http_range( (*data).state.aptr.rangeline = curl_maprintf( b"Content-Range: bytes %s%ld/%ld\r\n\0" as *const u8 as *const libc::c_char, (*data).state.range, - total_expected_size - 1 as i32 as i64, + total_expected_size - 1 as i64, total_expected_size, ); } else { @@ -4523,79 +4533,79 @@ pub unsafe extern "C" fn Curl_http_range( } if ((*data).state.aptr.rangeline).is_null() { return CURLE_OUT_OF_MEMORY; - } + }} } } return CURLE_OK; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_resume( +pub extern "C" fn Curl_http_resume( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut httpreq: Curl_HttpReq, ) -> CURLcode { - if (HTTPREQ_POST as i32 as u32 == httpreq as u32 || HTTPREQ_PUT as i32 as u32 == httpreq as u32) - && (*data).state.resume_from != 0 + if (HTTPREQ_POST as u32 == httpreq as u32 || HTTPREQ_PUT as u32 == httpreq as u32) + && unsafe{(*data).state.resume_from != 0} { - if (*data).state.resume_from < 0 as i32 as i64 { - (*data).state.resume_from = 0 as i32 as curl_off_t; + if unsafe{(*data).state.resume_from < 0 as i64 }{ + unsafe{ (*data).state.resume_from = 0 as curl_off_t;} } - if (*data).state.resume_from != 0 && ((*data).state).this_is_a_follow() == 0 { + if unsafe{(*data).state.resume_from != 0 && ((*data).state).this_is_a_follow() == 0} { let mut seekerr: i32 = 2 as i32; - if ((*conn).seek_func).is_some() { - Curl_set_in_callback(data, 1 as i32 != 0); + if unsafe{((*conn).seek_func).is_some() }{ + unsafe{ Curl_set_in_callback(data, 1 as i32 != 0); seekerr = ((*conn).seek_func).expect("non-null function pointer")( (*conn).seek_client, (*data).state.resume_from, 0 as i32, ); - Curl_set_in_callback(data, 0 as i32 != 0); + Curl_set_in_callback(data, 0 as i32 != 0);} } if seekerr != 0 as i32 { let mut passed: curl_off_t = 0 as i32 as curl_off_t; if seekerr != 2 as i32 { - Curl_failf( + unsafe{Curl_failf( data, b"Could not seek stream\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_READ_ERROR; } loop { let mut readthisamountnow: size_t = - if (*data).state.resume_from - passed > (*data).set.buffer_size { - (*data).set.buffer_size as size_t + if unsafe{(*data).state.resume_from - passed > (*data).set.buffer_size} { + unsafe{ (*data).set.buffer_size as size_t} } else { - curlx_sotouz((*data).state.resume_from - passed) + unsafe{curlx_sotouz((*data).state.resume_from - passed)} }; - let mut actuallyread: size_t = ((*data).state.fread_func) + let mut actuallyread: size_t = unsafe{((*data).state.fread_func) .expect("non-null function pointer")( (*data).state.buffer, - 1 as i32 as size_t, + 1 as size_t, readthisamountnow, (*data).state.in_0, - ); - passed = (passed as u64).wrapping_add(actuallyread) as curl_off_t as curl_off_t; - if actuallyread == 0 as i32 as u64 || actuallyread > readthisamountnow { - Curl_failf( + )}; + passed = (passed as u64).wrapping_add(actuallyread) as curl_off_t; + if actuallyread == 0 as u64 || actuallyread > readthisamountnow { + unsafe{ Curl_failf( data, b"Could only read %ld bytes from the input\0" as *const u8 as *const libc::c_char, passed, - ); + );} return CURLE_READ_ERROR; } - if !(passed < (*data).state.resume_from) { + if unsafe{ !(passed < (*data).state.resume_from)} { break; } } } - if (*data).state.infilesize > 0 as i64 { - (*data).state.infilesize -= (*data).state.resume_from; - if (*data).state.infilesize <= 0 as i32 as i64 { - Curl_failf( + if unsafe{ (*data).state.infilesize > 0 as i64} { + unsafe{ (*data).state.infilesize -= (*data).state.resume_from;} + if unsafe{(*data).state.infilesize <= 0 as i64} { + unsafe{ Curl_failf( data, b"File already completely uploaded\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_PARTIAL_FILE; } } @@ -4604,23 +4614,23 @@ pub unsafe extern "C" fn Curl_http_resume( return CURLE_OK; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_firstwrite( +pub extern "C" fn Curl_http_firstwrite( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut done: *mut bool, ) -> CURLcode { - let mut k: *mut SingleRequest = &mut (*data).req; + let mut k: *mut SingleRequest = unsafe{&mut (*data).req}; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] - if (*(*conn).handler).protocol + if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 0 as i32 | (1 as i32) << 1 as i32 | (1 as i32) << 18 as i32) as u32 - != 0 + != 0} { } else { - __assert_fail( + unsafe{ __assert_fail( b"conn->handler->protocol&(((1<<0)|(1<<1))|(1<<18))\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 2905 as i32 as u32, + 2905 as u32, (*::std::mem::transmute::< &[u8; 81], &[libc::c_char; 81], @@ -4628,41 +4638,41 @@ pub unsafe extern "C" fn Curl_http_firstwrite( b"CURLcode Curl_http_firstwrite(struct Curl_easy *, struct connectdata *, _Bool *)\0", )) .as_ptr(), - ); + );} } - if ((*data).req).ignore_cl() != 0 { - let ref mut fresh64 = (*k).maxdownload; + if unsafe{((*data).req).ignore_cl() != 0 }{ + let ref mut fresh64 = unsafe{(*k).maxdownload}; *fresh64 = -(1 as i32) as curl_off_t; - (*k).size = *fresh64; - } else if (*k).size != -(1 as i32) as i64 { - if (*data).set.max_filesize != 0 && (*k).size > (*data).set.max_filesize { - Curl_failf( + unsafe{ (*k).size = *fresh64;} + } else if unsafe{(*k).size != -(1 as i32) as i64 }{ + if unsafe{(*data).set.max_filesize != 0 && (*k).size > (*data).set.max_filesize} { + unsafe{ Curl_failf( data, b"Maximum file size exceeded\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_FILESIZE_EXCEEDED; } - Curl_pgrsSetDownloadSize(data, (*k).size); + unsafe{ Curl_pgrsSetDownloadSize(data, (*k).size);} } - if !((*data).req.newurl).is_null() { - if ((*conn).bits).close() != 0 { - (*k).keepon &= !((1 as i32) << 0 as i32); - *done = 1 as i32 != 0; + if unsafe{!((*data).req.newurl).is_null() }{ + if unsafe{((*conn).bits).close() != 0} { + unsafe{(*k).keepon &= !((1 as i32) << 0 as i32); + *done = 1 as i32 != 0;} return CURLE_OK; } - (*k).set_ignorebody(1 as i32 as bit); + unsafe{(*k).set_ignorebody(1 as bit); Curl_infof( data, b"Ignoring the response-body\0" as *const u8 as *const libc::c_char, - ); + );} } - if (*data).state.resume_from != 0 + if unsafe{(*data).state.resume_from != 0 && (*k).content_range() == 0 - && (*data).state.httpreq as u32 == HTTPREQ_GET as i32 as u32 - && (*k).ignorebody() == 0 + && (*data).state.httpreq as u32 == HTTPREQ_GET as u32 + && (*k).ignorebody() == 0} { - if (*k).size == (*data).state.resume_from { - Curl_infof( + if unsafe{(*k).size == (*data).state.resume_from }{ + unsafe{ Curl_infof( data, b"The entire document is already downloaded\0" as *const u8 as *const libc::c_char, ); @@ -4676,18 +4686,18 @@ pub unsafe extern "C" fn Curl_http_firstwrite( ); (*k).keepon &= !((1 as i32) << 0 as i32); *done = 1 as i32 != 0; - return CURLE_OK; - } + return CURLE_OK;} + }unsafe{ Curl_failf( data, b"HTTP server doesn't seem to support byte ranges. Cannot resume.\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_RANGE_ERROR; } - if (*data).set.timecondition as u32 != 0 && ((*data).state.range).is_null() { - if !Curl_meets_timecondition(data, (*k).timeofdoc) { - *done = 1 as i32 != 0; + if unsafe{(*data).set.timecondition as u32 != 0 && ((*data).state.range).is_null()} { + if unsafe{!Curl_meets_timecondition(data, (*k).timeofdoc)} { + unsafe{*done = 1 as i32 != 0; (*data).info.httpcode = 304 as i32; Curl_infof( data, @@ -4700,7 +4710,7 @@ pub unsafe extern "C" fn Curl_http_firstwrite( conn, 1 as i32, b"Simulated 304 handling\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_OK; } } @@ -4708,28 +4718,28 @@ pub unsafe extern "C" fn Curl_http_firstwrite( } #[cfg(HAVE_LIBZ)] #[no_mangle] -pub unsafe extern "C" fn Curl_transferencode(mut data: *mut Curl_easy) -> CURLcode { - if (Curl_checkheaders(data, b"TE\0" as *const u8 as *const libc::c_char)).is_null() - && ((*data).set).http_transfer_encoding() as i32 != 0 +pub extern "C" fn Curl_transferencode(mut data: *mut Curl_easy) -> CURLcode { + if unsafe{(Curl_checkheaders(data, b"TE\0" as *const u8 as *const libc::c_char)).is_null() + && ((*data).set).http_transfer_encoding() as i32 != 0} { let mut cptr: *mut libc::c_char = - Curl_checkheaders(data, b"Connection\0" as *const u8 as *const libc::c_char); + unsafe{Curl_checkheaders(data, b"Connection\0" as *const u8 as *const libc::c_char)}; #[cfg(not(CURLDEBUG))] - Curl_cfree.expect("non-null function pointer")((*data).state.aptr.te as *mut libc::c_void); + unsafe{Curl_cfree.expect("non-null function pointer")((*data).state.aptr.te as *mut libc::c_void);} #[cfg(CURLDEBUG)] - curl_dbg_free( + unsafe{curl_dbg_free( (*data).state.aptr.te as *mut libc::c_void, 2990 as i32, b"http.c\0" as *const u8 as *const libc::c_char, ); - (*data).state.aptr.te = 0 as *mut libc::c_char; + (*data).state.aptr.te = 0 as *mut libc::c_char;} if !cptr.is_null() { cptr = Curl_copy_header_value(cptr); if cptr.is_null() { return CURLE_OUT_OF_MEMORY; } } - (*data).state.aptr.te = curl_maprintf( + unsafe{ (*data).state.aptr.te = curl_maprintf( b"Connection: %s%sTE\r\nTE: gzip\r\n\0" as *const u8 as *const libc::c_char, if !cptr.is_null() { cptr as *const libc::c_char @@ -4749,8 +4759,8 @@ pub unsafe extern "C" fn Curl_transferencode(mut data: *mut Curl_easy) -> CURLco cptr as *mut libc::c_void, 3002 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); - if ((*data).state.aptr.te).is_null() { + );} + if unsafe{((*data).state.aptr.te).is_null()} { return CURLE_OUT_OF_MEMORY; } } @@ -4758,8 +4768,8 @@ pub unsafe extern "C" fn Curl_transferencode(mut data: *mut Curl_easy) -> CURLco } #[cfg(not(USE_HYPER))] #[no_mangle] -pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { - let mut conn: *mut connectdata = (*data).conn; +pub extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool) -> CURLcode { + let mut conn: *mut connectdata = unsafe{(*data).conn}; let mut result: CURLcode = CURLE_OK; let mut http: *mut HTTP = 0 as *mut HTTP; let mut httpreq: Curl_HttpReq = HTTPREQ_GET; @@ -4776,9 +4786,10 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool }; let mut altused: *mut libc::c_char = 0 as *mut libc::c_char; let mut p_accept: *const libc::c_char = 0 as *const libc::c_char; - *done = 1 as i32 != 0; - if (*conn).transport as u32 != TRNSPRT_QUIC as i32 as u32 { - if ((*conn).httpversion as i32) < 20 as i32 { + unsafe{*done = 1 as i32 != 0;} + if unsafe{(*conn).transport as u32 }!= TRNSPRT_QUIC as u32 { + if unsafe{((*conn).httpversion as i32) < 20 as i32} { + unsafe{ match (*conn).negnpn { 3 => { (*conn).httpversion = 20 as i32 as u8; @@ -4808,11 +4819,11 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool data, b"HTTP/2 over clean TCP\0" as *const u8 as *const libc::c_char, ); - (*conn).httpversion = 20 as i32 as u8; + (*conn).httpversion = 20 as u8; result = Curl_http2_switched( data, 0 as *const libc::c_char, - 0 as i32 as size_t, + 0 as size_t, ); if result as u64 != 0 { return result; @@ -4820,48 +4831,49 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool } } } - } + }} } else { - result = Curl_http2_setup(data, conn); + result = unsafe{Curl_http2_setup(data, conn)}; if result as u64 != 0 { return result; } } } - http = (*data).req.p.http; + http =unsafe{ (*data).req.p.http}; #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if !http.is_null() { } else { - __assert_fail( + unsafe{__assert_fail( b"http\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 3079 as i32 as u32, + 3079 as u32, (*::std::mem::transmute::<&[u8; 48], &[libc::c_char; 48]>( b"CURLcode Curl_http(struct Curl_easy *, _Bool *)\0", )) .as_ptr(), - ); + );} } - result = Curl_http_host(data, conn); + result = unsafe{Curl_http_host(data, conn)}; if result as u64 != 0 { return result; } - result = Curl_http_useragent(data); + result = unsafe{Curl_http_useragent(data)}; if result as u64 != 0 { return result; } - Curl_http_method(data, conn, &mut request, &mut httpreq); + unsafe{Curl_http_method(data, conn, &mut request, &mut httpreq);} let mut pq: *mut libc::c_char = 0 as *mut libc::c_char; - if !((*data).state.up.query).is_null() { - pq = curl_maprintf( + if unsafe{!((*data).state.up.query).is_null() }{ + pq = unsafe{curl_maprintf( b"%s?%s\0" as *const u8 as *const libc::c_char, (*data).state.up.path, (*data).state.up.query, - ); + )}; if pq.is_null() { return CURLE_OUT_OF_MEMORY; } } + unsafe{ result = Curl_http_output_auth( data, conn, @@ -4881,10 +4893,10 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool pq as *mut libc::c_void, 3101 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} if result as u64 != 0 { return result; - } + }unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")((*data).state.aptr.ref_0 as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -4893,25 +4905,25 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool 3106 as i32, b"http.c\0" as *const u8 as *const libc::c_char, ); - (*data).state.aptr.ref_0 = 0 as *mut libc::c_char; - if !((*data).state.referer).is_null() - && (Curl_checkheaders(data, b"Referer\0" as *const u8 as *const libc::c_char)).is_null() + (*data).state.aptr.ref_0 = 0 as *mut libc::c_char;} + if unsafe{!((*data).state.referer).is_null() + && (Curl_checkheaders(data, b"Referer\0" as *const u8 as *const libc::c_char)).is_null()} { - (*data).state.aptr.ref_0 = curl_maprintf( + unsafe{ (*data).state.aptr.ref_0 = curl_maprintf( b"Referer: %s\r\n\0" as *const u8 as *const libc::c_char, (*data).state.referer, - ); - if ((*data).state.aptr.ref_0).is_null() { + );} + if unsafe{((*data).state.aptr.ref_0).is_null()} { return CURLE_OUT_OF_MEMORY; } } - if (Curl_checkheaders( + if unsafe{(Curl_checkheaders( data, b"Accept-Encoding\0" as *const u8 as *const libc::c_char, )) .is_null() - && !((*data).set.str_0[STRING_ENCODING as i32 as usize]).is_null() - { + && !((*data).set.str_0[STRING_ENCODING as usize]).is_null()} + {unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.accept_encoding as *mut libc::c_void, @@ -4925,12 +4937,13 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool (*data).state.aptr.accept_encoding = 0 as *mut libc::c_char; (*data).state.aptr.accept_encoding = curl_maprintf( b"Accept-Encoding: %s\r\n\0" as *const u8 as *const libc::c_char, - (*data).set.str_0[STRING_ENCODING as i32 as usize], + (*data).set.str_0[STRING_ENCODING as usize], ); if ((*data).state.aptr.accept_encoding).is_null() { return CURLE_OUT_OF_MEMORY; - } + }} } else { + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).state.aptr.accept_encoding as *mut libc::c_void, @@ -4941,13 +4954,13 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool 3122 as i32, b"http.c\0" as *const u8 as *const libc::c_char, ); - (*data).state.aptr.accept_encoding = 0 as *mut libc::c_char; + (*data).state.aptr.accept_encoding = 0 as *mut libc::c_char;} } // TODO 测试过了就把注释删咯 match () { #[cfg(HAVE_LIBZ)] _ => { - result = Curl_transferencode(data); + result = unsafe{Curl_transferencode(data)}; if result as u64 != 0 { return result; } @@ -4961,55 +4974,55 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool // return result; // } // } - result = Curl_http_body(data, conn, httpreq, &mut te); + result = unsafe{Curl_http_body(data, conn, httpreq, &mut te)}; if result as u64 != 0 { return result; } p_accept = - if !(Curl_checkheaders(data, b"Accept\0" as *const u8 as *const libc::c_char)).is_null() { + if unsafe{!(Curl_checkheaders(data, b"Accept\0" as *const u8 as *const libc::c_char)).is_null()} { 0 as *const libc::c_char } else { b"Accept: */*\r\n\0" as *const u8 as *const libc::c_char }; - result = Curl_http_resume(data, conn, httpreq); + result = unsafe{Curl_http_resume(data, conn, httpreq)}; if result as u64 != 0 { return result; } - result = Curl_http_range(data, httpreq); + result = unsafe{Curl_http_range(data, httpreq)}; if result as u64 != 0 { return result; } - httpstring = get_http_string(data, conn); - Curl_dyn_init(&mut req, (1024 as i32 * 1024 as i32) as size_t); - Curl_dyn_reset(&mut (*data).state.headerb); - result = Curl_dyn_addf( + httpstring = unsafe{get_http_string(data, conn)}; + unsafe{Curl_dyn_init(&mut req, (1024 as i32 * 1024 as i32) as size_t); + Curl_dyn_reset(&mut (*data).state.headerb);} + result = unsafe{Curl_dyn_addf( &mut req as *mut dynbuf, b"%s \0" as *const u8 as *const libc::c_char, request, - ); + )}; if result as u64 == 0 { - result = Curl_http_target(data, conn, &mut req); + result = unsafe{Curl_http_target(data, conn, &mut req)}; } if result as u64 != 0 { - Curl_dyn_free(&mut req); + unsafe{Curl_dyn_free(&mut req);} return result; } #[cfg(not(CURL_DISABLE_ALTSVC))] - if ((*conn).bits).altused() as i32 != 0 - && (Curl_checkheaders(data, b"Alt-Used\0" as *const u8 as *const libc::c_char)).is_null() + if unsafe{((*conn).bits).altused() as i32 != 0} + && unsafe{(Curl_checkheaders(data, b"Alt-Used\0" as *const u8 as *const libc::c_char)).is_null()} { - altused = curl_maprintf( + altused = unsafe{curl_maprintf( b"Alt-Used: %s:%d\r\n\0" as *const u8 as *const libc::c_char, (*conn).conn_to_host.name, (*conn).conn_to_port, - ); + )}; if altused.is_null() { - Curl_dyn_free(&mut req); + unsafe{Curl_dyn_free(&mut req);} return CURLE_OUT_OF_MEMORY; } } #[cfg(not(CURL_DISABLE_PROXY))] - let flag2: bool = ((*conn).bits).httpproxy() as i32 != 0 + let flag2: bool = unsafe{((*conn).bits).httpproxy() as i32 != 0 && ((*conn).bits).tunnel_proxy() == 0 && (Curl_checkheaders( data, @@ -5021,10 +5034,10 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool conn, b"Proxy-Connection\0" as *const u8 as *const libc::c_char, )) - .is_null(); + .is_null()}; #[cfg(CURL_DISABLE_PROXY)] let flag2: bool = false; - result = Curl_dyn_addf( + result = unsafe{Curl_dyn_addf( &mut req as *mut dynbuf, b" HTTP/%s\r\n%s%s%s%s%s%s%s%s%s%s%s%s\0" as *const u8 as *const libc::c_char, httpstring, @@ -5048,8 +5061,8 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool } else { b"\0" as *const u8 as *const libc::c_char }, - if !((*data).set.str_0[STRING_USERAGENT as i32 as usize]).is_null() - && *(*data).set.str_0[STRING_USERAGENT as i32 as usize] as i32 != 0 + if !((*data).set.str_0[STRING_USERAGENT as usize]).is_null() + && *(*data).set.str_0[STRING_USERAGENT as usize] as i32 != 0 && !((*data).state.aptr.uagent).is_null() { (*data).state.aptr.uagent as *const libc::c_char @@ -5066,8 +5079,8 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool } else { b"\0" as *const u8 as *const libc::c_char }, - if !((*data).set.str_0[STRING_ENCODING as i32 as usize]).is_null() - && *(*data).set.str_0[STRING_ENCODING as i32 as usize] as i32 != 0 + if !((*data).set.str_0[STRING_ENCODING as usize]).is_null() + && *(*data).set.str_0[STRING_ENCODING as usize] as i32 != 0 && !((*data).state.aptr.accept_encoding).is_null() { (*data).state.aptr.accept_encoding as *const libc::c_char @@ -5090,7 +5103,8 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool } else { b"\0" as *const u8 as *const libc::c_char }, - ); + )}; + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")((*data).state.aptr.userpwd as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -5118,54 +5132,54 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool altused as *mut libc::c_void, 3226 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} if result as u64 != 0 { - Curl_dyn_free(&mut req); + unsafe{Curl_dyn_free(&mut req);} return result; } - if (*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 == 0 + if unsafe{(*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 == 0 && (*conn).httpversion as i32 != 20 as i32 - && (*data).state.httpwant as i32 == CURL_HTTP_VERSION_2_0 as i32 + && (*data).state.httpwant as i32 == CURL_HTTP_VERSION_2_0 as i32} { - result = Curl_http2_request_upgrade(&mut req, data); + result = unsafe{Curl_http2_request_upgrade(&mut req, data)}; if result as u64 != 0 { - Curl_dyn_free(&mut req); + unsafe{Curl_dyn_free(&mut req);} return result; } } - result = Curl_http_cookies(data, conn, &mut req); + result = unsafe{Curl_http_cookies(data, conn, &mut req)}; if result as u64 == 0 { - result = Curl_add_timecondition(data, &mut req); + result = unsafe{Curl_add_timecondition(data, &mut req)}; } if result as u64 == 0 { - result = Curl_add_custom_headers(data, 0 as i32 != 0, &mut req); + result = unsafe{Curl_add_custom_headers(data, 0 as i32 != 0, &mut req)}; } if result as u64 == 0 { - (*http).postdata = 0 as *const libc::c_char; - if httpreq as u32 == HTTPREQ_GET as i32 as u32 - || httpreq as u32 == HTTPREQ_HEAD as i32 as u32 + unsafe{(*http).postdata = 0 as *const libc::c_char;} + if httpreq as u32 == HTTPREQ_GET as u32 + || httpreq as u32 == HTTPREQ_HEAD as u32 { - Curl_pgrsSetUploadSize(data, 0 as i32 as curl_off_t); + unsafe{ Curl_pgrsSetUploadSize(data, 0 as curl_off_t);} } - result = Curl_http_bodysend(data, conn, &mut req, httpreq); + result = unsafe{Curl_http_bodysend(data, conn, &mut req, httpreq)}; } if result as u64 != 0 { - Curl_dyn_free(&mut req); + unsafe{ Curl_dyn_free(&mut req);} return result; } - if (*http).postsize > -(1 as i32) as i64 + if unsafe{(*http).postsize > -(1 as i32) as i64 && (*http).postsize <= (*data).req.writebytecount - && (*http).sending as u32 != HTTPSEND_REQUEST as i32 as u32 + && (*http).sending as u32 != HTTPSEND_REQUEST as i32 as u32} { - (*data).req.set_upload_done(1 as i32 as bit); + unsafe{ (*data).req.set_upload_done(1 as i32 as bit);} } - if (*data).req.writebytecount != 0 { - Curl_pgrsSetUploadCounter(data, (*data).req.writebytecount); - if Curl_pgrsUpdate(data) != 0 { + if unsafe{(*data).req.writebytecount != 0 }{ + unsafe{ Curl_pgrsSetUploadCounter(data, (*data).req.writebytecount);} + if unsafe{Curl_pgrsUpdate(data) != 0} { result = CURLE_ABORTED_BY_CALLBACK; } - if (*http).postsize == 0 { - Curl_infof( + if unsafe{(*http).postsize == 0} { + unsafe{ Curl_infof( data, b"upload completely sent off: %ld out of %ld bytes\0" as *const u8 as *const libc::c_char, @@ -5175,128 +5189,128 @@ pub unsafe extern "C" fn Curl_http(mut data: *mut Curl_easy, mut done: *mut bool (*data).req.set_upload_done(1 as i32 as bit); (*data).req.keepon &= !((1 as i32) << 1 as i32); (*data).req.exp100 = EXP100_SEND_DATA; - Curl_expire_done(data, EXPIRE_100_TIMEOUT); + Curl_expire_done(data, EXPIRE_100_TIMEOUT);} } } - if (*conn).httpversion as i32 == 20 as i32 && ((*data).req).upload_chunky() as i32 != 0 { - (*data).req.set_upload_chunky(0 as i32 as bit); + if unsafe{(*conn).httpversion as i32 == 20 as i32 && ((*data).req).upload_chunky() as i32 != 0} { + unsafe{ (*data).req.set_upload_chunky(0 as bit);} } return result; } -unsafe extern "C" fn checkprefixmax( + extern "C" fn checkprefixmax( mut prefix: *const libc::c_char, mut buffer: *const libc::c_char, mut len: size_t, ) -> bool { - let mut ch: size_t = if strlen(prefix) < len { - strlen(prefix) + let mut ch: size_t = if unsafe{strlen(prefix) < len} { + unsafe{strlen(prefix)} } else { len }; - return curl_strnequal(prefix, buffer, ch) != 0; + return unsafe{curl_strnequal(prefix, buffer, ch) != 0}; } -unsafe extern "C" fn checkhttpprefix( + extern "C" fn checkhttpprefix( mut data: *mut Curl_easy, mut s: *const libc::c_char, mut len: size_t, ) -> statusline { - let mut head: *mut curl_slist = (*data).set.http200aliases; + let mut head: *mut curl_slist = unsafe{(*data).set.http200aliases}; let mut rc: statusline = STATUS_BAD; - let mut onmatch: statusline = (if len >= 5 as i32 as u64 { + let mut onmatch: statusline = (if len >= 5 as u64 { STATUS_DONE as i32 } else { STATUS_UNKNOWN as i32 }) as statusline; while !head.is_null() { - if checkprefixmax((*head).data, s, len) { + if unsafe{checkprefixmax((*head).data, s, len)} { rc = onmatch; break; } else { - head = (*head).next; + head = unsafe{(*head).next}; } } - if rc as u32 != STATUS_DONE as i32 as u32 - && checkprefixmax(b"HTTP/\0" as *const u8 as *const libc::c_char, s, len) as i32 != 0 + if rc as u32 != STATUS_DONE as u32 + && unsafe{checkprefixmax(b"HTTP/\0" as *const u8 as *const libc::c_char, s, len) as i32 != 0} { rc = onmatch; } return rc; } #[cfg(not(CURL_DISABLE_RSTP))] -unsafe extern "C" fn checkrtspprefix( + extern "C" fn checkrtspprefix( mut data: *mut Curl_easy, mut s: *const libc::c_char, mut len: size_t, ) -> statusline { let mut result: statusline = STATUS_BAD; - let mut onmatch: statusline = (if len >= 5 as i32 as u64 { + let mut onmatch: statusline = (if len >= 5 as u64 { STATUS_DONE as i32 } else { STATUS_UNKNOWN as i32 }) as statusline; - if checkprefixmax(b"RTSP/\0" as *const u8 as *const libc::c_char, s, len) { + if unsafe{checkprefixmax(b"RTSP/\0" as *const u8 as *const libc::c_char, s, len)} { result = onmatch; } return result; } -unsafe extern "C" fn checkprotoprefix( + extern "C" fn checkprotoprefix( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut s: *const libc::c_char, mut len: size_t, -) -> statusline { +) -> statusline {unsafe{ #[cfg(not(CURL_DISABLE_RSTP))] if (*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0 { return checkrtspprefix(data, s, len); } - return checkhttpprefix(data, s, len); + return checkhttpprefix(data, s, len);} } #[no_mangle] -pub unsafe extern "C" fn Curl_http_header( +pub extern "C" fn Curl_http_header( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut headp: *mut libc::c_char, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; - let mut k: *mut SingleRequest = &mut (*data).req; + let mut k: *mut SingleRequest = unsafe{&mut (*data).req}; #[cfg(not(CURL_DISABLE_PROXY))] - let flag1: bool = (*conn).httpversion as i32 == 10 as i32 + let flag1: bool = unsafe{(*conn).httpversion as i32 == 10 as i32 && ((*conn).bits).httpproxy() as i32 != 0 && Curl_compareheader( headp, b"Proxy-Connection:\0" as *const u8 as *const libc::c_char, b"keep-alive\0" as *const u8 as *const libc::c_char, ) as i32 - != 0; + != 0}; #[cfg(CURL_DISABLE_PROXY)] let flag1: bool = false; #[cfg(not(CURL_DISABLE_PROXY))] - let flag2: bool = (*conn).httpversion as i32 == 11 as i32 + let flag2: bool = unsafe{(*conn).httpversion as i32 == 11 as i32 && ((*conn).bits).httpproxy() as i32 != 0 && Curl_compareheader( headp, b"Proxy-Connection:\0" as *const u8 as *const libc::c_char, b"close\0" as *const u8 as *const libc::c_char, ) as i32 - != 0; + != 0}; #[cfg(CURL_DISABLE_PROXY)] let flag2: bool = false; #[cfg(not(CURL_DISABLE_COOKIES))] - let flag3: bool = !((*data).cookies).is_null() + let flag3: bool = unsafe{!((*data).cookies).is_null() && ((*data).state).cookie_engine() as i32 != 0 && curl_strnequal( b"Set-Cookie:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Set-Cookie:\0" as *const u8 as *const libc::c_char), - ) != 0; + ) != 0}; #[cfg(CURL_DISABLE_COOKIES)] let flag3: bool = false; #[cfg(USE_SPNEGO)] - let flag4: bool = curl_strnequal( + let flag4: bool =unsafe{ curl_strnequal( b"Persistent-Auth:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Persistent-Auth:\0" as *const u8 as *const libc::c_char), - ) != 0; + ) != 0}; #[cfg(not(USE_SPNEGO))] let flag4: bool = false; // let flag4: bool = if cfg!(USE_SPNEGO) { @@ -5309,16 +5323,16 @@ pub unsafe extern "C" fn Curl_http_header( // false // }; #[cfg(not(CURL_DISABLE_HSTS))] - let flag5: bool = !((*data).hsts).is_null() + let flag5: bool = unsafe{!((*data).hsts).is_null() && curl_strnequal( b"Strict-Transport-Security:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Strict-Transport-Security:\0" as *const u8 as *const libc::c_char), ) != 0 - && (*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0; + && (*(*conn).handler).flags & ((1 as i32) << 0 as i32) as u32 != 0}; #[cfg(CURL_DISABLE_HSTS)] let flag5: bool = false; - let flag6: bool = if cfg!(all(not(CURL_DISABLE_ALTSVC), not(CURLDEBUG))) { + let flag6: bool =unsafe{ if cfg!(all(not(CURL_DISABLE_ALTSVC), not(CURLDEBUG))) { !((*data).asi).is_null() && curl_strnequal( b"Alt-Svc:\0" as *const u8 as *const libc::c_char, @@ -5337,34 +5351,34 @@ pub unsafe extern "C" fn Curl_http_header( || !(getenv(b"CURL_ALTSVC_HTTP\0" as *const u8 as *const libc::c_char)).is_null()) } else { false - }; - if (*k).http_bodyless() == 0 + }}; + if unsafe{(*k).http_bodyless() == 0 && ((*data).set).ignorecl() == 0 && curl_strnequal( b"Content-Length:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Content-Length:\0" as *const u8 as *const libc::c_char), - ) != 0 + ) != 0} { let mut contentlength: curl_off_t = 0; - let mut offt: CURLofft = curlx_strtoofft( + let mut offt: CURLofft = unsafe{curlx_strtoofft( headp.offset(strlen(b"Content-Length:\0" as *const u8 as *const libc::c_char) as isize), 0 as *mut *mut libc::c_char, 10 as i32, &mut contentlength, - ); - if offt as u32 == CURL_OFFT_OK as i32 as u32 { - (*k).size = contentlength; - (*k).maxdownload = (*k).size; - } else if offt as u32 == CURL_OFFT_FLOW as i32 as u32 { - if (*data).set.max_filesize != 0 { - Curl_failf( + )}; + if offt as u32 == CURL_OFFT_OK as u32 { + unsafe{ (*k).size = contentlength; + (*k).maxdownload = (*k).size;} + } else if offt as u32 == CURL_OFFT_FLOW as u32 { + if unsafe{(*data).set.max_filesize != 0} { + unsafe{ Curl_failf( data, b"Maximum file size exceeded\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_FILESIZE_EXCEEDED; } - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 2 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -5375,35 +5389,35 @@ pub unsafe extern "C" fn Curl_http_header( Curl_infof( data, b"Overflow Content-Length: value!\0" as *const u8 as *const libc::c_char, - ); + );} } else { - Curl_failf( + unsafe{Curl_failf( data, b"Invalid Content-Length: value\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_WEIRD_SERVER_REPLY; } - } else if curl_strnequal( + } else if unsafe{curl_strnequal( b"Content-Type:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Content-Type:\0" as *const u8 as *const libc::c_char), - ) != 0 + ) != 0} { - let mut contenttype: *mut libc::c_char = Curl_copy_header_value(headp); + let mut contenttype: *mut libc::c_char =unsafe{ Curl_copy_header_value(headp)}; if contenttype.is_null() { return CURLE_OUT_OF_MEMORY; } - if *contenttype == 0 { - #[cfg(not(CURLDEBUG))] + if unsafe{*contenttype == 0} { + unsafe{#[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(contenttype as *mut libc::c_void); #[cfg(CURLDEBUG)] curl_dbg_free( contenttype as *mut libc::c_void, 3445 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } else { - #[cfg(not(CURLDEBUG))] + unsafe{#[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")( (*data).info.contenttype as *mut libc::c_void, ); @@ -5414,10 +5428,10 @@ pub unsafe extern "C" fn Curl_http_header( b"http.c\0" as *const u8 as *const libc::c_char, ); (*data).info.contenttype = 0 as *mut libc::c_char; - (*data).info.contenttype = contenttype; + (*data).info.contenttype = contenttype;} } } else if flag1 { - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + unsafe{#[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 0 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -5428,9 +5442,9 @@ pub unsafe extern "C" fn Curl_http_header( Curl_infof( data, b"HTTP/1.0 proxy connection set to keep alive!\0" as *const u8 as *const libc::c_char, - ); + );} } else if flag2 { - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + unsafe{#[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 1 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -5441,16 +5455,16 @@ pub unsafe extern "C" fn Curl_http_header( Curl_infof( data, b"HTTP/1.1 proxy connection set close!\0" as *const u8 as *const libc::c_char, - ); - } else if (*conn).httpversion as i32 == 10 as i32 + );} + } else if unsafe{(*conn).httpversion as i32 == 10 as i32 && Curl_compareheader( headp, b"Connection:\0" as *const u8 as *const libc::c_char, b"keep-alive\0" as *const u8 as *const libc::c_char, ) as i32 - != 0 + != 0} { - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + unsafe{#[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 0 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -5461,12 +5475,12 @@ pub unsafe extern "C" fn Curl_http_header( Curl_infof( data, b"HTTP/1.0 connection set to keep alive!\0" as *const u8 as *const libc::c_char, - ); - } else if Curl_compareheader( + );} + } else if unsafe{Curl_compareheader( headp, b"Connection:\0" as *const u8 as *const libc::c_char, b"close\0" as *const u8 as *const libc::c_char, - ) { + ) }{unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 2 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] @@ -5474,26 +5488,26 @@ pub unsafe extern "C" fn Curl_http_header( conn, 2 as i32, b"Connection: close used\0" as *const u8 as *const libc::c_char, - ); - } else if (*k).http_bodyless() == 0 + );} + } else if unsafe{(*k).http_bodyless() == 0 && curl_strnequal( b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char), - ) != 0 + ) != 0} { - result = Curl_build_unencoding_stack( + result =unsafe{ Curl_build_unencoding_stack( data, headp.offset( strlen(b"Transfer-Encoding:\0" as *const u8 as *const libc::c_char) as isize, ), 1 as i32, - ); + )}; if result as u64 != 0 { return result; } - if (*k).chunk() == 0 { - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + if unsafe{(*k).chunk() == 0} { + unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 1 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -5501,94 +5515,94 @@ pub unsafe extern "C" fn Curl_http_header( 1 as i32, b"HTTP/1.1 transfer-encoding without chunks\0" as *const u8 as *const libc::c_char, ); - (*k).set_ignore_cl(1 as i32 as bit); + (*k).set_ignore_cl(1 as bit);} } - } else if (*k).http_bodyless() == 0 + } else if unsafe{(*k).http_bodyless() == 0 && curl_strnequal( b"Content-Encoding:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Content-Encoding:\0" as *const u8 as *const libc::c_char), ) != 0 - && !((*data).set.str_0[STRING_ENCODING as i32 as usize]).is_null() + && !((*data).set.str_0[STRING_ENCODING as i32 as usize]).is_null()} { - result = Curl_build_unencoding_stack( + result = unsafe{Curl_build_unencoding_stack( data, headp.offset( strlen(b"Content-Encoding:\0" as *const u8 as *const libc::c_char) as isize, ), 0 as i32, - ); + )}; if result as u64 != 0 { return result; } - } else if curl_strnequal( + } else if unsafe{curl_strnequal( b"Retry-After:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Retry-After:\0" as *const u8 as *const libc::c_char), - ) != 0 + ) != 0} { let mut retry_after: curl_off_t = 0 as i32 as curl_off_t; - let mut date: time_t = Curl_getdate_capped( + let mut date: time_t = unsafe{Curl_getdate_capped( headp.offset(strlen(b"Retry-After:\0" as *const u8 as *const libc::c_char) as isize), - ); + )}; if -(1 as i32) as i64 == date { - curlx_strtoofft( + unsafe{curlx_strtoofft( headp .offset(strlen(b"Retry-After:\0" as *const u8 as *const libc::c_char) as isize), 0 as *mut *mut libc::c_char, 10 as i32, &mut retry_after, - ); + )}; } else { - retry_after = date - time(0 as *mut time_t); + unsafe{retry_after = date - time(0 as *mut time_t);} } - (*data).info.retry_after = retry_after; - } else if (*k).http_bodyless() == 0 + unsafe{(*data).info.retry_after = retry_after;} + } else if unsafe{(*k).http_bodyless() == 0 && curl_strnequal( b"Content-Range:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Content-Range:\0" as *const u8 as *const libc::c_char), - ) != 0 + ) != 0} { let mut ptr: *mut libc::c_char = - headp.offset(strlen(b"Content-Range:\0" as *const u8 as *const libc::c_char) as isize); - while *ptr as i32 != 0 && Curl_isdigit(*ptr as u8 as i32) == 0 && *ptr as i32 != '*' as i32 + unsafe{headp.offset(strlen(b"Content-Range:\0" as *const u8 as *const libc::c_char) as isize)}; + while unsafe{*ptr as i32 != 0 && Curl_isdigit(*ptr as u8 as i32) == 0 && *ptr as i32 != '*' as i32} { - ptr = ptr.offset(1); + ptr = unsafe{ptr.offset(1)}; } - if Curl_isdigit(*ptr as u8 as i32) != 0 { - if curlx_strtoofft( + if unsafe{Curl_isdigit(*ptr as i32) != 0} { + if unsafe{curlx_strtoofft( ptr, 0 as *mut *mut libc::c_char, 10 as i32, &mut (*k).offset, ) as u64 - == 0 + == 0} { - if (*data).state.resume_from == (*k).offset { - (*k).set_content_range(1 as i32 as bit); + if unsafe{(*data).state.resume_from == (*k).offset} { + unsafe{(*k).set_content_range(1 as bit);} } } } else { - (*data).state.resume_from = 0 as i32 as curl_off_t; + unsafe{ (*data).state.resume_from = 0 as curl_off_t;} } } else if flag3 { - let mut host: *const libc::c_char = if !((*data).state.aptr.cookiehost).is_null() { + let mut host: *const libc::c_char = unsafe{if !((*data).state.aptr.cookiehost).is_null() { (*data).state.aptr.cookiehost } else { (*conn).host.name - }; - let secure_context: bool = if (*(*conn).handler).protocol & ((1 as i32) << 1 as i32) as u32 + }}; + let secure_context: bool = if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 1 as i32) as u32 != 0 || Curl_strcasecompare(b"localhost\0" as *const u8 as *const libc::c_char, host) != 0 || strcmp(host, b"127.0.0.1\0" as *const u8 as *const libc::c_char) == 0 - || strcmp(host, b"[::1]\0" as *const u8 as *const libc::c_char) == 0 + || strcmp(host, b"[::1]\0" as *const u8 as *const libc::c_char) == 0} { 1 as i32 } else { 0 as i32 } != 0; - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + unsafe{Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); Curl_cookie_add( data, (*data).cookies, @@ -5599,22 +5613,22 @@ pub unsafe extern "C" fn Curl_http_header( (*data).state.up.path, secure_context, ); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } else if (*k).http_bodyless() == 0 + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);} + } else if unsafe{(*k).http_bodyless() == 0 && curl_strnequal( b"Last-Modified:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Last-Modified:\0" as *const u8 as *const libc::c_char), ) != 0 - && ((*data).set.timecondition as u32 != 0 || ((*data).set).get_filetime() as i32 != 0) + && ((*data).set.timecondition as u32 != 0 || ((*data).set).get_filetime() as i32 != 0)} { - (*k).timeofdoc = Curl_getdate_capped( + unsafe{(*k).timeofdoc = Curl_getdate_capped( headp.offset(strlen(b"Last-Modified:\0" as *const u8 as *const libc::c_char) as isize), ); if ((*data).set).get_filetime() != 0 { (*data).info.filetime = (*k).timeofdoc; - } - } else if curl_strnequal( + }} + } else if unsafe{curl_strnequal( b"WWW-Authenticate:\0" as *const u8 as *const libc::c_char, headp, strlen(b"WWW-Authenticate:\0" as *const u8 as *const libc::c_char), @@ -5625,18 +5639,19 @@ pub unsafe extern "C" fn Curl_http_header( headp, strlen(b"Proxy-authenticate:\0" as *const u8 as *const libc::c_char), ) != 0 - && 407 as i32 == (*k).httpcode + && 407 as i32 == (*k).httpcode} { - let mut proxy: bool = if (*k).httpcode == 407 as i32 { + let mut proxy: bool = if unsafe{(*k).httpcode == 407 as i32} { 1 as i32 } else { 0 as i32 } != 0; - let mut auth: *mut libc::c_char = Curl_copy_header_value(headp); + let mut auth: *mut libc::c_char = unsafe{Curl_copy_header_value(headp)}; if auth.is_null() { return CURLE_OUT_OF_MEMORY; } - result = Curl_http_input_auth(data, proxy, auth); + result = unsafe{Curl_http_input_auth(data, proxy, auth)}; + unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(auth as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -5644,14 +5659,14 @@ pub unsafe extern "C" fn Curl_http_header( auth as *mut libc::c_void, 3616 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} if result as u64 != 0 { return result; } } else if flag4 { match () { #[cfg(USE_SPNEGO)] - _ => { + _ => {unsafe{ let mut negdata: *mut negotiatedata = &mut (*conn).negotiate; let mut authp: *mut auth = &mut (*data).state.authhost; if (*authp).picked == (1 as i32 as u64) << 2 as i32 { @@ -5682,7 +5697,7 @@ pub unsafe extern "C" fn Curl_http_header( Curl_cfree.expect("non-null function pointer")( persistentauth as *mut libc::c_void, ); - } + }} } #[cfg(not(USE_SPNEGO))] _ => {} @@ -5720,20 +5735,20 @@ pub unsafe extern "C" fn Curl_http_header( // "non-null function pointer", // )(persistentauth as *mut libc::c_void); // } - } else if (*k).httpcode >= 300 as i32 + } else if unsafe{(*k).httpcode >= 300 as i32 && (*k).httpcode < 400 as i32 && curl_strnequal( b"Location:\0" as *const u8 as *const libc::c_char, headp, strlen(b"Location:\0" as *const u8 as *const libc::c_char), ) != 0 - && ((*data).req.location).is_null() + && ((*data).req.location).is_null()} { - let mut location: *mut libc::c_char = Curl_copy_header_value(headp); + let mut location: *mut libc::c_char = unsafe{Curl_copy_header_value(headp)}; if location.is_null() { return CURLE_OUT_OF_MEMORY; } - if *location == 0 { + if unsafe{*location == 0} {unsafe{ #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(location as *mut libc::c_void); #[cfg(CURLDEBUG)] @@ -5741,17 +5756,17 @@ pub unsafe extern "C" fn Curl_http_header( location as *mut libc::c_void, 3647 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } else { - (*data).req.location = location; - if ((*data).set).http_follow_location() != 0 { - #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + unsafe{ (*data).req.location = location;} + if unsafe{((*data).set).http_follow_location() != 0} { + unsafe{#[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] if ((*data).req.newurl).is_null() { } else { __assert_fail( b"!data->req.newurl\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 3652 as i32 as u32, + 3652 as u32, (*::std::mem::transmute::< &[u8; 76], &[libc::c_char; 76], @@ -5760,26 +5775,26 @@ pub unsafe extern "C" fn Curl_http_header( )) .as_ptr(), ); - } + }} match () { #[cfg(not(CURLDEBUG))] - _ => { + _ => {unsafe{ (*data).req.newurl = Curl_cstrdup.expect("non-null function pointer")((*data).req.location); - } + }} #[cfg(CURLDEBUG)] - _ => { + _ => {unsafe{ (*data).req.newurl = curl_dbg_strdup( (*data).req.location, 3653 as i32, b"http.c\0" as *const u8 as *const libc::c_char, - ); + );} } } - if ((*data).req.newurl).is_null() { + if unsafe{ ((*data).req.newurl).is_null()} { return CURLE_OUT_OF_MEMORY; } - result = http_perhapsrewind(data, conn); + result = unsafe{http_perhapsrewind(data, conn)}; if result as u64 != 0 { return result; } @@ -5789,50 +5804,50 @@ pub unsafe extern "C" fn Curl_http_header( match () { #[cfg(not(CURL_DISABLE_HSTS))] _ => { - let mut check: CURLcode = Curl_hsts_parse( + let mut check: CURLcode = unsafe{Curl_hsts_parse( (*data).hsts, (*data).state.up.hostname, headp.offset(strlen( b"Strict-Transport-Security:\0" as *const u8 as *const libc::c_char, ) as isize), - ); + )}; if check as u64 != 0 { - Curl_infof( + unsafe{Curl_infof( data, b"Illegal STS header skipped\0" as *const u8 as *const libc::c_char, - ); - } else { + )}; + } else {unsafe{ #[cfg(DEBUGBUILD)] Curl_infof( data, b"Parsed STS header fine (%zu entries)\0" as *const u8 as *const libc::c_char, (*(*data).hsts).list.size, - ); + );} } } #[cfg(CURL_DISABLE_HSTS)] _ => {} } } else if flag6 { - let mut id: alpnid = (if (*conn).httpversion as i32 == 20 as i32 { + let mut id: alpnid = (if unsafe{(*conn).httpversion as i32 == 20 as i32} { ALPN_h2 as i32 } else { ALPN_h1 as i32 }) as alpnid; - result = Curl_altsvc_parse( + result = unsafe{Curl_altsvc_parse( data, (*data).asi, headp.offset(strlen(b"Alt-Svc:\0" as *const u8 as *const libc::c_char) as isize), id, (*conn).host.name, curlx_uitous((*conn).remote_port as u32), - ); + )}; if result as u64 != 0 { return result; } - } else if (*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0 { - result = Curl_rtsp_parseheader(data, headp); + } else if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0} { + result = unsafe{Curl_rtsp_parseheader(data, headp)}; if result as u64 != 0 { return result; } @@ -5840,12 +5855,12 @@ pub unsafe extern "C" fn Curl_http_header( return CURLE_OK; } #[no_mangle] -pub unsafe extern "C" fn Curl_http_statusline( +pub extern "C" fn Curl_http_statusline( mut data: *mut Curl_easy, mut conn: *mut connectdata, ) -> CURLcode { - let mut k: *mut SingleRequest = &mut (*data).req; - (*data).info.httpcode = (*k).httpcode; + let mut k: *mut SingleRequest = unsafe{ &mut (*data).req}; + unsafe{(*data).info.httpcode = (*k).httpcode; (*data).info.httpversion = (*conn).httpversion as i32; if (*data).state.httpversion == 0 || (*data).state.httpversion as i32 > (*conn).httpversion as i32 @@ -5853,10 +5868,10 @@ pub unsafe extern "C" fn Curl_http_statusline( (*data).state.httpversion = (*conn).httpversion; } if (*data).state.resume_from != 0 - && (*data).state.httpreq as u32 == HTTPREQ_GET as i32 as u32 + && (*data).state.httpreq as u32 == HTTPREQ_GET as u32 && (*k).httpcode == 416 as i32 { - (*k).set_ignorebody(1 as i32 as bit); + (*k).set_ignorebody(1 as bit); } if (*conn).httpversion as i32 == 10 as i32 { Curl_infof( @@ -5888,13 +5903,13 @@ pub unsafe extern "C" fn Curl_http_statusline( ); } (*k).set_http_bodyless( - ((*k).httpcode >= 100 as i32 && (*k).httpcode < 200 as i32) as i32 as bit, - ); + ((*k).httpcode >= 100 as i32 && (*k).httpcode < 200 as i32) as bit, + );} let mut current_block_25: u64; - match (*k).httpcode { + match unsafe{(*k).httpcode} { 304 => { - if (*data).set.timecondition as u64 != 0 { - (*data).info.set_timecond(1 as i32 as bit); + if unsafe{(*data).set.timecondition as u64 != 0} { + unsafe{(*data).info.set_timecond(1 as bit);} } current_block_25 = 14741359113768901450; } @@ -5907,9 +5922,9 @@ pub unsafe extern "C" fn Curl_http_statusline( } match current_block_25 { 14741359113768901450 => { - (*k).size = 0 as i32 as curl_off_t; - (*k).maxdownload = 0 as i32 as curl_off_t; - (*k).set_http_bodyless(1 as i32 as bit); + unsafe{ (*k).size = 0 as curl_off_t; + (*k).maxdownload = 0 as curl_off_t; + (*k).set_http_bodyless(1 as bit);} } _ => {} } @@ -5920,16 +5935,16 @@ pub unsafe extern "C" fn Curl_http_statusline( * Read any HTTP header lines from the server and pass them to the client app. */ #[no_mangle] -pub unsafe extern "C" fn Curl_http_readwrite_headers( +pub extern "C" fn Curl_http_readwrite_headers( mut data: *mut Curl_easy, mut conn: *mut connectdata, mut nread: *mut ssize_t, mut stop_reading: *mut bool, ) -> CURLcode { let mut result: CURLcode = CURLE_OK; - let mut k: *mut SingleRequest = &mut (*data).req; - let mut onread: ssize_t = *nread; - let mut ostr: *mut libc::c_char = (*k).str_0; + let mut k: *mut SingleRequest =unsafe{ &mut (*data).req}; + let mut onread: ssize_t = unsafe{*nread}; + let mut ostr: *mut libc::c_char = unsafe{(*k).str_0}; let mut headp: *mut libc::c_char = 0 as *mut libc::c_char; let mut str_start: *mut libc::c_char = 0 as *mut libc::c_char; let mut end_ptr: *mut libc::c_char = 0 as *mut libc::c_char; @@ -5941,37 +5956,37 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( let mut writetype: i32 = 0; /* str_start is start of line within buf */ - str_start = (*k).str_0; + str_start = unsafe{(*k).str_0}; /* data is in network encoding so use 0x0a instead of '\n' */ - end_ptr = memchr(str_start as *const libc::c_void, 0xa as i32, *nread as u64) + end_ptr =unsafe{ memchr(str_start as *const libc::c_void, 0xa as i32, *nread as u64)} as *mut libc::c_char; if end_ptr.is_null() { /* Not a complete header line within buffer, append the data to the end of the headerbuff. */ - result = Curl_dyn_addn( + result = unsafe{Curl_dyn_addn( &mut (*data).state.headerb, str_start as *const libc::c_void, *nread as size_t, - ); + )}; if result as u64 != 0 { return result; } - if !((*k).headerline == 0) { + if unsafe{!((*k).headerline == 0) }{ /* check if this looks like a protocol header */ break; } - let mut st: statusline = checkprotoprefix( + let mut st: statusline = unsafe{checkprotoprefix( data, conn, Curl_dyn_ptr(&mut (*data).state.headerb), Curl_dyn_len(&mut (*data).state.headerb), - ); - if !(st as u32 == STATUS_BAD as i32 as u32) { + )}; + if !(st as u32 == STATUS_BAD as u32) { break; } - (*k).set_header(0 as i32 as bit); + unsafe{(*k).set_header(0 as bit); (*k).badheader = HEADER_ALLBAD; #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 2 as i32); @@ -5980,37 +5995,37 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( conn, 2 as i32, b"bad HTTP: No end-of-message indicator\0" as *const u8 as *const libc::c_char, - ); - if ((*data).set).http09_allowed() == 0 { - Curl_failf( + );} + if unsafe{ ((*data).set).http09_allowed() == 0 }{ + unsafe{Curl_failf( data, b"Received HTTP/0.9 when not allowed\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_UNSUPPORTED_PROTOCOL; } break; } else { - rest_length = (end_ptr.offset_from((*k).str_0) as i64 + 1 as i32 as i64) as size_t; - *nread -= rest_length as ssize_t; + rest_length = unsafe{(end_ptr.offset_from((*k).str_0) as i64 + 1 as i32 as i64) as size_t}; + unsafe{*nread -= rest_length as ssize_t; (*k).str_0 = end_ptr.offset(1 as isize); - full_length = ((*k).str_0).offset_from(str_start) as i64 as size_t; + full_length = ((*k).str_0).offset_from(str_start) as size_t; result = Curl_dyn_addn( &mut (*data).state.headerb, str_start as *const libc::c_void, full_length, - ); + );} if result as u64 != 0 { return result; } - if (*k).headerline == 0 { - let mut st_0: statusline = checkprotoprefix( + if unsafe{(*k).headerline == 0} { + let mut st_0: statusline = unsafe{checkprotoprefix( data, conn, Curl_dyn_ptr(&mut (*data).state.headerb), Curl_dyn_len(&mut (*data).state.headerb), - ); - if st_0 as u32 == STATUS_BAD as i32 as u32 { - #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] + )}; + if st_0 as u32 == STATUS_BAD as u32 { + unsafe{ #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 2 as i32); #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] Curl_conncontrol( @@ -6027,7 +6042,7 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( ); return CURLE_UNSUPPORTED_PROTOCOL; } - (*k).set_header(0 as i32 as bit); + (*k).set_header(0 as bit); if *nread != 0 { (*k).badheader = HEADER_PARTHEADER; } else { @@ -6037,11 +6052,12 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( return CURLE_OK; } break; - } + }} } - headp = Curl_dyn_ptr(&mut (*data).state.headerb); - if 0xa as i32 == *headp as i32 || 0xd as i32 == *headp as i32 { + headp = unsafe{Curl_dyn_ptr(&mut (*data).state.headerb)}; + if unsafe{0xa as i32 == *headp as i32 || 0xd as i32 == *headp as i32 }{ let mut headerlen: size_t = 0; + unsafe{ #[cfg(not(CURL_DOES_CONVERSIONS))] if '\r' as i32 == *headp as i32 { headp = headp.offset(1); @@ -6049,49 +6065,49 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( #[cfg(not(CURL_DOES_CONVERSIONS))] if '\n' as i32 == *headp as i32 { headp = headp.offset(1); - } - if 100 as i32 <= (*k).httpcode && 199 as i32 >= (*k).httpcode { - match (*k).httpcode { + }} + if unsafe{ 100 as i32 <= (*k).httpcode && 199 as i32 >= (*k).httpcode} { + unsafe{match (*k).httpcode { 100 => { - (*k).set_header(1 as i32 as bit); + (*k).set_header(1 as bit); (*k).headerline = 0 as i32; - if (*k).exp100 as u32 > EXP100_SEND_DATA as i32 as u32 { + if (*k).exp100 as u32 > EXP100_SEND_DATA as u32 { (*k).exp100 = EXP100_SEND_DATA; (*k).keepon |= (1 as i32) << 1 as i32; Curl_expire_done(data, EXPIRE_100_TIMEOUT); } } 101 => { - if (*k).upgr101 as u32 == UPGR101_REQUESTED as i32 as u32 { + if (*k).upgr101 as u32 == UPGR101_REQUESTED as u32 { Curl_infof( data, b"Received 101\0" as *const u8 as *const libc::c_char, ); (*k).upgr101 = UPGR101_RECEIVED; - (*k).set_header(1 as i32 as bit); + (*k).set_header(1 as bit); (*k).headerline = 0 as i32; result = Curl_http2_switched(data, (*k).str_0, *nread as size_t); if result as u64 != 0 { return result; } - *nread = 0 as i32 as ssize_t; + *nread = 0 as ssize_t; } else { - (*k).set_header(0 as i32 as bit); + (*k).set_header(0 as bit); } } _ => { - (*k).set_header(1 as i32 as bit); + (*k).set_header(1 as bit); (*k).headerline = 0 as i32; } - } - } else { - (*k).set_header(0 as i32 as bit); + }} + } else {unsafe{ + (*k).set_header(0 as bit); if (*k).size == -(1 as i32) as i64 && (*k).chunk() == 0 && ((*conn).bits).close() == 0 && (*conn).httpversion as i32 == 11 as i32 && (*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 == 0 - && (*data).state.httpreq as u32 != HTTPREQ_HEAD as i32 as u32 + && (*data).state.httpreq as u32 != HTTPREQ_HEAD as u32 { Curl_infof( data, @@ -6107,28 +6123,29 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( b"HTTP: No end-of-message indicator\0" as *const u8 as *const libc::c_char, ); - } + }} } + unsafe{ #[cfg(USE_NTLM)] if ((*conn).bits).close() as i32 != 0 && ((*data).req.httpcode == 401 as i32 - && (*conn).http_ntlm_state as u32 == NTLMSTATE_TYPE2 as i32 as u32 + && (*conn).http_ntlm_state as u32 == NTLMSTATE_TYPE2 as u32 || (*data).req.httpcode == 407 as i32 - && (*conn).proxy_ntlm_state as u32 == NTLMSTATE_TYPE2 as i32 as u32) + && (*conn).proxy_ntlm_state as u32 == NTLMSTATE_TYPE2 as u32) { Curl_infof( data, b"Connection closure while negotiating auth (HTTP 1.0?)\0" as *const u8 as *const libc::c_char, ); - (*data).state.set_authproblem(1 as i32 as bit); + (*data).state.set_authproblem(1 as bit); } #[cfg(USE_SPNEGO)] if ((*conn).bits).close() as i32 != 0 && ((*data).req.httpcode == 401 as i32 - && (*conn).http_negotiate_state as u32 == GSS_AUTHRECV as i32 as u32 + && (*conn).http_negotiate_state as u32 == GSS_AUTHRECV as u32 || (*data).req.httpcode == 407 as i32 - && (*conn).proxy_negotiate_state as u32 == GSS_AUTHRECV as i32 as u32) + && (*conn).proxy_negotiate_state as u32 == GSS_AUTHRECV as u32) { Curl_infof( data, @@ -6136,56 +6153,56 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( as *const libc::c_char, ); let ref mut fresh89 = (*data).state; - (*fresh89).set_authproblem(1 as i32 as bit); + (*fresh89).set_authproblem(1 as bit); } #[cfg(USE_SPNEGO)] - if (*conn).http_negotiate_state as u32 == GSS_AUTHDONE as i32 as u32 + if (*conn).http_negotiate_state as u32 == GSS_AUTHDONE as u32 && (*data).req.httpcode != 401 as i32 { (*conn).http_negotiate_state = GSS_AUTHSUCC; } #[cfg(USE_SPNEGO)] - if (*conn).proxy_negotiate_state as u32 == GSS_AUTHDONE as i32 as u32 + if (*conn).proxy_negotiate_state as u32 == GSS_AUTHDONE as u32 && (*data).req.httpcode != 407 as i32 { (*conn).proxy_negotiate_state = GSS_AUTHSUCC; - } + }} writetype = (1 as i32) << 1 as i32; - if ((*data).set).include_header() != 0 { + if unsafe{((*data).set).include_header() != 0 }{ writetype |= (1 as i32) << 0 as i32; } - headerlen = Curl_dyn_len(&mut (*data).state.headerb); - result = Curl_client_write( + headerlen =unsafe{ Curl_dyn_len(&mut (*data).state.headerb)}; + result = unsafe{Curl_client_write( data, writetype, Curl_dyn_ptr(&mut (*data).state.headerb), headerlen, - ); + )}; if result as u64 != 0 { return result; } - (*data).info.header_size += headerlen as i64; - (*data).req.headerbytecount += headerlen as i64; - if http_should_fail(data) { - Curl_failf( + unsafe{ (*data).info.header_size += headerlen as i64; + (*data).req.headerbytecount += headerlen as i64;} + if unsafe{http_should_fail(data)} { + unsafe{ Curl_failf( data, b"The requested URL returned error: %d\0" as *const u8 as *const libc::c_char, (*k).httpcode, - ); + )}; return CURLE_HTTP_RETURNED_ERROR; } - (*data).req.deductheadercount = + unsafe{(*data).req.deductheadercount = if 100 as i32 <= (*k).httpcode && 199 as i32 >= (*k).httpcode { (*data).req.headerbytecount } else { - 0 as i32 as i64 - }; - result = Curl_http_auth_act(data); + 0 as i64 + };} + result = unsafe{Curl_http_auth_act(data)}; if result as u64 != 0 { return result; } - if (*k).httpcode >= 300 as i32 { + if unsafe{(*k).httpcode >= 300 as i32} {unsafe{ if ((*conn).bits).authneg() == 0 && ((*conn).bits).close() == 0 && ((*conn).bits).rewindaftersend() == 0 @@ -6209,7 +6226,7 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( __assert_fail( b"!data->req.newurl\0" as *const u8 as *const libc::c_char, b"http.c\0" as *const u8 as *const libc::c_char, - 4084 as i32 as u32, + 4084 as u32, (*::std::mem::transmute::< &[u8; 99], &[libc::c_char; 99], @@ -6272,7 +6289,7 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( if result as u64 != 0 { return result; } - (*k).set_upload_done(1 as i32 as bit); + (*k).set_upload_done(1 as bit); if ((*data).state).expect100header() != 0 { (*k).exp100 = EXP100_FAILED; } @@ -6289,18 +6306,18 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( as *const libc::c_char, ); (*k).keepon |= (1 as i32) << 1 as i32; - } + }} } // 解决clippy错误 - if (*k).header() == 0 { + if unsafe{(*k).header() == 0} { // TODO 待测试 #[cfg(not(CURL_DISABLE_RSTP))] - let flag7: bool = ((*data).set).opt_no_body() != 0 + let flag7: bool = unsafe{((*data).set).opt_no_body() != 0 || (*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0 - && (*data).set.rtspreq as u32 == RTSPREQ_DESCRIBE as i32 as u32 - && (*k).size <= -(1 as i32) as i64; + && (*data).set.rtspreq as u32 == RTSPREQ_DESCRIBE as u32 + && (*k).size <= -(1 as i32) as i64}; #[cfg(CURL_DISABLE_RSTP)] - let flag7: bool = ((*data).set).opt_no_body() != 0; + let flag7: bool = unsafe{((*data).set).opt_no_body() != 0}; // let flag7: bool = if cfg!(not(CURL_DISABLE_RSTP)) { // ((*data).set).opt_no_body() != 0 // || (*(*conn).handler).protocol @@ -6313,7 +6330,7 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( // ((*data).set).opt_no_body() != 0 // }; if flag7 { - *stop_reading = 1 as i32 != 0; + unsafe{ *stop_reading = 1 as i32 != 0;} // } else if (*(*conn).handler).protocol // & ((1 as i32) << 18 as i32) as u32 // != 0 @@ -6322,51 +6339,51 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( // && (*k).size <= -(1 as i32) as i64 // { // *stop_reading = 1 as i32 != 0; - } else if (*k).chunk() != 0 { - let ref mut fresh89 = (*k).size; + } else if unsafe{(*k).chunk() != 0} { + unsafe{ let ref mut fresh89 = (*k).size; *fresh89 = -(1 as i32) as curl_off_t; - (*k).maxdownload = *fresh89; + (*k).maxdownload = *fresh89;} } - if -(1 as i32) as i64 != (*k).size { - Curl_pgrsSetDownloadSize(data, (*k).size); - (*k).maxdownload = (*k).size; + if -(1 as i32) as i64 != unsafe{(*k).size} { + unsafe{ Curl_pgrsSetDownloadSize(data, (*k).size); + (*k).maxdownload = (*k).size;} } #[cfg(USE_NGHTTP2)] - let flag8: bool = 0 as i32 as i64 == (*k).maxdownload + let flag8: bool = unsafe{0 as i64 == (*k).maxdownload && !((*(*conn).handler).protocol & ((1 as i32) << 0 as i32 | (1 as i32) << 1 as i32) as u32 != 0 - && (*conn).httpversion as i32 == 20 as i32); + && (*conn).httpversion as i32 == 20 as i32)}; #[cfg(not(USE_NGHTTP2))] - let flag8: bool = 0 as i32 as i64 == (*k).maxdownload; + let flag8: bool = 0 as i64 ==unsafe{ (*k).maxdownload}; if flag8 { - *stop_reading = 1 as i32 != 0; + unsafe{ *stop_reading = 1 as i32 != 0;} } - if *stop_reading { - (*k).keepon &= !((1 as i32) << 0 as i32); + if unsafe{*stop_reading} { + unsafe{ (*k).keepon &= !((1 as i32) << 0 as i32);} } - Curl_debug(data, CURLINFO_HEADER_IN, str_start, headerlen); + unsafe{Curl_debug(data, CURLINFO_HEADER_IN, str_start, headerlen);} break; } else { - Curl_dyn_reset(&mut (*data).state.headerb); + unsafe{ Curl_dyn_reset(&mut (*data).state.headerb);} } } else { - let ref mut fresh90 = (*k).headerline; + let ref mut fresh90 = unsafe{(*k).headerline}; let fresh91 = *fresh90; *fresh90 = *fresh90 + 1; if fresh91 == 0 { let mut httpversion_major: i32 = 0; let mut rtspversion_major: i32 = 0; let mut nc: i32 = 0 as i32; - if (*(*conn).handler).protocol + if unsafe{(*(*conn).handler).protocol} & ((1 as i32) << 0 as i32 | (1 as i32) << 1 as i32) as u32 != 0 { let mut separator: libc::c_char = 0; let mut twoorthree: [libc::c_char; 2] = [0; 2]; let mut httpversion: i32 = 0 as i32; - let mut digit4: libc::c_char = 0 as i32 as libc::c_char; - nc = sscanf( + let mut digit4: libc::c_char = 0 as libc::c_char; + nc = unsafe{sscanf( headp, b" HTTP/%1d.%1d%c%3d%c\0" as *const u8 as *const libc::c_char, &mut httpversion_major as *mut i32, @@ -6374,161 +6391,161 @@ pub unsafe extern "C" fn Curl_http_readwrite_headers( &mut separator as *mut libc::c_char, &mut (*k).httpcode as *mut i32, &mut digit4 as *mut libc::c_char, - ); + )}; if nc == 1 as i32 && httpversion_major >= 2 as i32 && 2 as i32 - == sscanf( + == unsafe{sscanf( headp, b" HTTP/%1[23] %d\0" as *const u8 as *const libc::c_char, twoorthree.as_mut_ptr(), &mut (*k).httpcode as *mut i32, - ) + )} { - (*conn).httpversion = 0 as i32 as u8; + unsafe{(*conn).httpversion = 0 as u8;} nc = 4 as i32; - separator = ' ' as i32 as libc::c_char; - } else if Curl_isdigit(digit4 as u8 as i32) != 0 { - Curl_failf( + separator = ' ' as libc::c_char; + } else if unsafe{Curl_isdigit(digit4 as i32) != 0} { + unsafe{ Curl_failf( data, b"Unsupported response code in HTTP response\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_UNSUPPORTED_PROTOCOL; } if nc >= 4 as i32 && ' ' as i32 == separator as i32 { httpversion += 10 as i32 * httpversion_major; match httpversion { 10 | 11 => { - (*conn).httpversion = httpversion as u8; + unsafe{(*conn).httpversion = httpversion as u8;} } #[cfg(any(USE_NGHTTP2, USE_HYPER))] 20 => { - (*conn).httpversion = httpversion as u8; + unsafe{(*conn).httpversion = httpversion as u8;} } #[cfg(ENABLE_QUIC)] 30 => { - (*conn).httpversion = httpversion as u8; + unsafe{(*conn).httpversion = httpversion as u8;} } _ => { - Curl_failf( + unsafe{Curl_failf( data, b"Unsupported HTTP version (%u.%d) in response\0" as *const u8 as *const libc::c_char, httpversion / 10 as i32, httpversion % 10 as i32, - ); + );} return CURLE_UNSUPPORTED_PROTOCOL; } } - if (*k).upgr101 as u32 == UPGR101_RECEIVED as i32 as u32 { - if (*conn).httpversion as i32 != 20 as i32 { - Curl_infof( + if unsafe{(*k).upgr101 as u32 == UPGR101_RECEIVED as u32} { + if unsafe{(*conn).httpversion as i32 != 20 as i32} { + unsafe{Curl_infof( data, b"Lying server, not serving HTTP/2\0" as *const u8 as *const libc::c_char, - ); + );} } } - if ((*conn).httpversion as i32) < 20 as i32 { - (*(*conn).bundle).multiuse = -(1 as i32); + if unsafe{((*conn).httpversion as i32) < 20 as i32} { + unsafe{ (*(*conn).bundle).multiuse = -(1 as i32); Curl_infof( data, b"Mark bundle as not supporting multiuse\0" as *const u8 as *const libc::c_char, - ); + );} } } else if nc == 0 { - nc = sscanf( + nc = unsafe{sscanf( headp, b" HTTP %3d\0" as *const u8 as *const libc::c_char, &mut (*k).httpcode as *mut i32, - ); - (*conn).httpversion = 10 as i32 as u8; + )}; + unsafe{(*conn).httpversion = 10 as u8;} if nc == 0 { - let mut check: statusline = checkhttpprefix( + let mut check: statusline = unsafe{checkhttpprefix( data, Curl_dyn_ptr(&mut (*data).state.headerb), Curl_dyn_len(&mut (*data).state.headerb), - ); - if check as u32 == STATUS_DONE as i32 as u32 { + )}; + if check as u32 == STATUS_DONE as u32 { nc = 1 as i32; - (*k).httpcode = 200 as i32; - (*conn).httpversion = 10 as i32 as u8; + unsafe{(*k).httpcode = 200 as i32; + (*conn).httpversion = 10 as u8;} } } } else { - Curl_failf( + unsafe{Curl_failf( data, b"Unsupported HTTP version in response\0" as *const u8 as *const libc::c_char, - ); + );} return CURLE_UNSUPPORTED_PROTOCOL; } - } else if (*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0 { + } else if unsafe{(*(*conn).handler).protocol & ((1 as i32) << 18 as i32) as u32 != 0} { let mut separator_0: libc::c_char = 0; let mut rtspversion: i32 = 0; - nc = sscanf( + nc = unsafe{sscanf( headp, b" RTSP/%1d.%1d%c%3d\0" as *const u8 as *const libc::c_char, &mut rtspversion_major as *mut i32, &mut rtspversion as *mut i32, &mut separator_0 as *mut libc::c_char, &mut (*k).httpcode as *mut i32, - ); + )}; if nc == 4 as i32 && ' ' as i32 == separator_0 as i32 { - (*conn).httpversion = 11 as i32 as u8; + unsafe{ (*conn).httpversion = 11 as u8;} } else { nc = 0 as i32; } } if nc != 0 { - result = Curl_http_statusline(data, conn); + result = unsafe{Curl_http_statusline(data, conn)}; if result as u64 != 0 { return result; } } else { - (*k).set_header(0 as i32 as bit); + unsafe{ (*k).set_header(0 as bit);} break; } } - result = CURLE_OK as i32 as CURLcode; + result = CURLE_OK as CURLcode; if result as u64 != 0 { return result; } - result = Curl_http_header(data, conn, headp); + result = unsafe{Curl_http_header(data, conn, headp)}; if result as u64 != 0 { return result; } writetype = (1 as i32) << 1 as i32; - if ((*data).set).include_header() != 0 { + if unsafe{((*data).set).include_header() != 0} { writetype |= (1 as i32) << 0 as i32; } - Curl_debug( + unsafe{Curl_debug( data, CURLINFO_HEADER_IN, headp, Curl_dyn_len(&mut (*data).state.headerb), - ); - result = Curl_client_write( + );} + result = unsafe{Curl_client_write( data, writetype, headp, Curl_dyn_len(&mut (*data).state.headerb), - ); + )}; if result as u64 != 0 { return result; } - (*data).info.header_size = ((*data).info.header_size as u64) + unsafe{(*data).info.header_size = ((*data).info.header_size as u64) .wrapping_add(Curl_dyn_len(&mut (*data).state.headerb)) - as curl_off_t as curl_off_t; + as curl_off_t; (*data).req.headerbytecount = ((*data).req.headerbytecount as u64) .wrapping_add(Curl_dyn_len(&mut (*data).state.headerb)) - as curl_off_t as curl_off_t; - Curl_dyn_reset(&mut (*data).state.headerb); + as curl_off_t; + Curl_dyn_reset(&mut (*data).state.headerb);} } - if !(*(*k).str_0 != 0) { + if unsafe{!(*(*k).str_0 != 0)} { break; } } -- Gitee