2 * Wininet - networking layer. Uses unix sockets or OpenSSL.
4 * Copyright 2002 TransGaming Technologies Inc.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #include "wine/port.h"
26 #if defined(__MINGW32__) || defined (_MSC_VER)
30 #include <sys/types.h>
34 #ifdef HAVE_SYS_POLL_H
35 # include <sys/poll.h>
37 #ifdef HAVE_SYS_TIME_H
38 # include <sys/time.h>
40 #ifdef HAVE_SYS_SOCKET_H
41 # include <sys/socket.h>
43 #ifdef HAVE_SYS_FILIO_H
44 # include <sys/filio.h>
49 #ifdef HAVE_SYS_IOCTL_H
50 # include <sys/ioctl.h>
56 #ifdef HAVE_NETINET_IN_H
57 # include <netinet/in.h>
59 #ifdef HAVE_OPENSSL_SSL_H
60 # include <openssl/ssl.h>
71 #include "wine/library.h"
78 #include "wine/debug.h"
81 /* To avoid conflicts with the Unix socket headers. we only need it for
82 * the error codes anyway. */
86 #define RESPONSE_TIMEOUT 30 /* FROM internet.c */
89 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
92 * This should use winsock - To use winsock the functions will have to change a bit
93 * as they are designed for unix sockets.
94 * SSL stuff should use crypt32.dll
99 #include <openssl/err.h>
101 static CRITICAL_SECTION init_ssl_cs;
102 static CRITICAL_SECTION_DEBUG init_ssl_cs_debug =
105 { &init_ssl_cs_debug.ProcessLocksList,
106 &init_ssl_cs_debug.ProcessLocksList },
107 0, 0, { (DWORD_PTR)(__FILE__ ": init_ssl_cs") }
109 static CRITICAL_SECTION init_ssl_cs = { &init_ssl_cs_debug, -1, 0, 0, 0, 0 };
111 static void *OpenSSL_ssl_handle;
112 static void *OpenSSL_crypto_handle;
114 static SSL_METHOD *meth;
117 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
119 /* OpenSSL functions that we use */
120 MAKE_FUNCPTR(SSL_library_init);
121 MAKE_FUNCPTR(SSL_load_error_strings);
122 MAKE_FUNCPTR(SSLv23_method);
123 MAKE_FUNCPTR(SSL_CTX_free);
124 MAKE_FUNCPTR(SSL_CTX_new);
125 MAKE_FUNCPTR(SSL_new);
126 MAKE_FUNCPTR(SSL_free);
127 MAKE_FUNCPTR(SSL_set_fd);
128 MAKE_FUNCPTR(SSL_connect);
129 MAKE_FUNCPTR(SSL_shutdown);
130 MAKE_FUNCPTR(SSL_write);
131 MAKE_FUNCPTR(SSL_read);
132 MAKE_FUNCPTR(SSL_pending);
133 MAKE_FUNCPTR(SSL_get_verify_result);
134 MAKE_FUNCPTR(SSL_get_peer_certificate);
135 MAKE_FUNCPTR(SSL_CTX_get_timeout);
136 MAKE_FUNCPTR(SSL_CTX_set_timeout);
137 MAKE_FUNCPTR(SSL_CTX_set_default_verify_paths);
139 /* OpenSSL's libcrypto functions that we use */
140 MAKE_FUNCPTR(BIO_new_fp);
141 MAKE_FUNCPTR(CRYPTO_num_locks);
142 MAKE_FUNCPTR(CRYPTO_set_id_callback);
143 MAKE_FUNCPTR(CRYPTO_set_locking_callback);
144 MAKE_FUNCPTR(ERR_get_error);
145 MAKE_FUNCPTR(ERR_error_string);
146 MAKE_FUNCPTR(i2d_X509);
149 static CRITICAL_SECTION *ssl_locks;
151 static unsigned long ssl_thread_id(void)
153 return GetCurrentThreadId();
156 static void ssl_lock_callback(int mode, int type, const char *file, int line)
158 if (mode & CRYPTO_LOCK)
159 EnterCriticalSection(&ssl_locks[type]);
161 LeaveCriticalSection(&ssl_locks[type]);
166 DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
168 connection->useSSL = FALSE;
169 connection->socketFD = -1;
172 #if defined(SONAME_LIBSSL) && defined(SONAME_LIBCRYPTO)
175 TRACE("using SSL connection\n");
176 EnterCriticalSection(&init_ssl_cs);
177 if (OpenSSL_ssl_handle) /* already initialized everything */
179 LeaveCriticalSection(&init_ssl_cs);
180 return ERROR_SUCCESS;
182 OpenSSL_ssl_handle = wine_dlopen(SONAME_LIBSSL, RTLD_NOW, NULL, 0);
183 if (!OpenSSL_ssl_handle)
185 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
187 LeaveCriticalSection(&init_ssl_cs);
188 return ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
190 OpenSSL_crypto_handle = wine_dlopen(SONAME_LIBCRYPTO, RTLD_NOW, NULL, 0);
191 if (!OpenSSL_crypto_handle)
193 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
195 LeaveCriticalSection(&init_ssl_cs);
196 return ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
199 /* mmm nice ugly macroness */
201 p##x = wine_dlsym(OpenSSL_ssl_handle, #x, NULL, 0); \
204 ERR("failed to load symbol %s\n", #x); \
205 LeaveCriticalSection(&init_ssl_cs); \
206 return ERROR_INTERNET_SECURITY_CHANNEL_ERROR; \
209 DYNSSL(SSL_library_init);
210 DYNSSL(SSL_load_error_strings);
211 DYNSSL(SSLv23_method);
212 DYNSSL(SSL_CTX_free);
218 DYNSSL(SSL_shutdown);
222 DYNSSL(SSL_get_verify_result);
223 DYNSSL(SSL_get_peer_certificate);
224 DYNSSL(SSL_CTX_get_timeout);
225 DYNSSL(SSL_CTX_set_timeout);
226 DYNSSL(SSL_CTX_set_default_verify_paths);
229 #define DYNCRYPTO(x) \
230 p##x = wine_dlsym(OpenSSL_crypto_handle, #x, NULL, 0); \
233 ERR("failed to load symbol %s\n", #x); \
234 LeaveCriticalSection(&init_ssl_cs); \
235 return ERROR_INTERNET_SECURITY_CHANNEL_ERROR; \
237 DYNCRYPTO(BIO_new_fp);
238 DYNCRYPTO(CRYPTO_num_locks);
239 DYNCRYPTO(CRYPTO_set_id_callback);
240 DYNCRYPTO(CRYPTO_set_locking_callback);
241 DYNCRYPTO(ERR_get_error);
242 DYNCRYPTO(ERR_error_string);
247 pSSL_load_error_strings();
248 pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
250 meth = pSSLv23_method();
251 ctx = pSSL_CTX_new(meth);
252 if (!pSSL_CTX_set_default_verify_paths(ctx))
254 ERR("SSL_CTX_set_default_verify_paths failed: %s\n",
255 pERR_error_string(pERR_get_error(), 0));
256 LeaveCriticalSection(&init_ssl_cs);
257 return ERROR_OUTOFMEMORY;
260 pCRYPTO_set_id_callback(ssl_thread_id);
261 ssl_locks = HeapAlloc(GetProcessHeap(), 0,
262 pCRYPTO_num_locks() * sizeof(CRITICAL_SECTION));
265 LeaveCriticalSection(&init_ssl_cs);
266 return ERROR_OUTOFMEMORY;
268 for (i = 0; i < pCRYPTO_num_locks(); i++)
269 InitializeCriticalSection(&ssl_locks[i]);
270 pCRYPTO_set_locking_callback(ssl_lock_callback);
271 LeaveCriticalSection(&init_ssl_cs);
273 FIXME("can't use SSL, not compiled in.\n");
274 return ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
277 return ERROR_SUCCESS;
280 void NETCON_unload(void)
282 #if defined(SONAME_LIBSSL) && defined(SONAME_LIBCRYPTO)
283 if (OpenSSL_crypto_handle)
285 wine_dlclose(OpenSSL_crypto_handle, NULL, 0);
287 if (OpenSSL_ssl_handle)
291 wine_dlclose(OpenSSL_ssl_handle, NULL, 0);
296 for (i = 0; i < pCRYPTO_num_locks(); i++) DeleteCriticalSection(&ssl_locks[i]);
297 HeapFree(GetProcessHeap(), 0, ssl_locks);
302 BOOL NETCON_connected(WININET_NETCONNECTION *connection)
304 if (connection->socketFD == -1)
310 /* translate a unix error code into a winsock one */
311 int sock_get_error( int err )
313 #if !defined(__MINGW32__) && !defined (_MSC_VER)
316 case EINTR: return WSAEINTR;
317 case EBADF: return WSAEBADF;
319 case EACCES: return WSAEACCES;
320 case EFAULT: return WSAEFAULT;
321 case EINVAL: return WSAEINVAL;
322 case EMFILE: return WSAEMFILE;
323 case EWOULDBLOCK: return WSAEWOULDBLOCK;
324 case EINPROGRESS: return WSAEINPROGRESS;
325 case EALREADY: return WSAEALREADY;
326 case ENOTSOCK: return WSAENOTSOCK;
327 case EDESTADDRREQ: return WSAEDESTADDRREQ;
328 case EMSGSIZE: return WSAEMSGSIZE;
329 case EPROTOTYPE: return WSAEPROTOTYPE;
330 case ENOPROTOOPT: return WSAENOPROTOOPT;
331 case EPROTONOSUPPORT: return WSAEPROTONOSUPPORT;
332 case ESOCKTNOSUPPORT: return WSAESOCKTNOSUPPORT;
333 case EOPNOTSUPP: return WSAEOPNOTSUPP;
334 case EPFNOSUPPORT: return WSAEPFNOSUPPORT;
335 case EAFNOSUPPORT: return WSAEAFNOSUPPORT;
336 case EADDRINUSE: return WSAEADDRINUSE;
337 case EADDRNOTAVAIL: return WSAEADDRNOTAVAIL;
338 case ENETDOWN: return WSAENETDOWN;
339 case ENETUNREACH: return WSAENETUNREACH;
340 case ENETRESET: return WSAENETRESET;
341 case ECONNABORTED: return WSAECONNABORTED;
343 case ECONNRESET: return WSAECONNRESET;
344 case ENOBUFS: return WSAENOBUFS;
345 case EISCONN: return WSAEISCONN;
346 case ENOTCONN: return WSAENOTCONN;
347 case ESHUTDOWN: return WSAESHUTDOWN;
348 case ETOOMANYREFS: return WSAETOOMANYREFS;
349 case ETIMEDOUT: return WSAETIMEDOUT;
350 case ECONNREFUSED: return WSAECONNREFUSED;
351 case ELOOP: return WSAELOOP;
352 case ENAMETOOLONG: return WSAENAMETOOLONG;
353 case EHOSTDOWN: return WSAEHOSTDOWN;
354 case EHOSTUNREACH: return WSAEHOSTUNREACH;
355 case ENOTEMPTY: return WSAENOTEMPTY;
357 case EPROCLIM: return WSAEPROCLIM;
360 case EUSERS: return WSAEUSERS;
363 case EDQUOT: return WSAEDQUOT;
366 case ESTALE: return WSAESTALE;
369 case EREMOTE: return WSAEREMOTE;
371 default: errno=err; perror("sock_set_error"); return WSAEFAULT;
377 /******************************************************************************
379 * Basically calls 'socket()'
381 DWORD NETCON_create(WININET_NETCONNECTION *connection, int domain,
382 int type, int protocol)
385 if (connection->useSSL)
386 return ERROR_NOT_SUPPORTED;
389 connection->socketFD = socket(domain, type, protocol);
390 if (connection->socketFD == -1)
391 return sock_get_error(errno);
393 return ERROR_SUCCESS;
396 /******************************************************************************
398 * Basically calls 'close()' unless we should use SSL
400 DWORD NETCON_close(WININET_NETCONNECTION *connection)
404 if (!NETCON_connected(connection)) return ERROR_SUCCESS;
407 if (connection->useSSL)
409 pSSL_shutdown(connection->ssl_s);
410 pSSL_free(connection->ssl_s);
411 connection->ssl_s = NULL;
413 connection->useSSL = FALSE;
417 result = closesocket(connection->socketFD);
418 connection->socketFD = -1;
421 return sock_get_error(errno);
422 return ERROR_SUCCESS;
425 static BOOL check_hostname(X509 *cert, LPCWSTR hostname)
427 /* FIXME: implement */
431 /******************************************************************************
432 * NETCON_secure_connect
433 * Initiates a secure connection over an existing plaintext connection.
435 DWORD NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
437 DWORD res = ERROR_NOT_SUPPORTED;
442 /* can't connect if we are already connected */
443 if (connection->useSSL)
445 ERR("already connected\n");
446 return ERROR_INTERNET_CANNOT_CONNECT;
449 connection->ssl_s = pSSL_new(ctx);
450 if (!connection->ssl_s)
452 ERR("SSL_new failed: %s\n",
453 pERR_error_string(pERR_get_error(), 0));
454 res = ERROR_OUTOFMEMORY;
458 if (!pSSL_set_fd(connection->ssl_s, connection->socketFD))
460 ERR("SSL_set_fd failed: %s\n",
461 pERR_error_string(pERR_get_error(), 0));
462 res = ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
466 if (pSSL_connect(connection->ssl_s) <= 0)
468 ERR("SSL_connect failed: %s\n",
469 pERR_error_string(pERR_get_error(), 0));
470 res = ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
473 cert = pSSL_get_peer_certificate(connection->ssl_s);
476 ERR("no certificate for server %s\n", debugstr_w(hostname));
477 /* FIXME: is this the best error? */
478 res = ERROR_INTERNET_INVALID_CA;
481 verify_res = pSSL_get_verify_result(connection->ssl_s);
482 if (verify_res != X509_V_OK)
484 ERR("couldn't verify the security of the connection, %ld\n", verify_res);
485 /* FIXME: we should set an error and return, but we only warn at
489 if (!check_hostname(cert, hostname))
491 res = ERROR_INTERNET_SEC_CERT_CN_INVALID;
495 connection->useSSL = TRUE;
496 return ERROR_SUCCESS;
499 if (connection->ssl_s)
501 pSSL_shutdown(connection->ssl_s);
502 pSSL_free(connection->ssl_s);
503 connection->ssl_s = NULL;
509 /******************************************************************************
511 * Connects to the specified address.
513 DWORD NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
514 unsigned int addrlen)
518 result = connect(connection->socketFD, serv_addr, addrlen);
521 WARN("Unable to connect to host (%s)\n", strerror(errno));
523 closesocket(connection->socketFD);
524 connection->socketFD = -1;
525 return sock_get_error(errno);
528 return ERROR_SUCCESS;
531 /******************************************************************************
533 * Basically calls 'send()' unless we should use SSL
534 * number of chars send is put in *sent
536 DWORD NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
539 if (!NETCON_connected(connection)) return ERROR_INTERNET_CONNECTION_ABORTED;
540 if (!connection->useSSL)
542 *sent = send(connection->socketFD, msg, len, flags);
544 return sock_get_error(errno);
545 return ERROR_SUCCESS;
551 FIXME("SSL_write doesn't support any flags (%08x)\n", flags);
552 *sent = pSSL_write(connection->ssl_s, msg, len);
553 if (*sent < 1 && len)
554 return ERROR_INTERNET_CONNECTION_ABORTED;
555 return ERROR_SUCCESS;
557 return ERROR_NOT_SUPPORTED;
562 /******************************************************************************
564 * Basically calls 'recv()' unless we should use SSL
565 * number of chars received is put in *recvd
567 DWORD NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
568 int *recvd /* out */)
571 if (!NETCON_connected(connection)) return ERROR_INTERNET_CONNECTION_ABORTED;
573 return ERROR_SUCCESS;
574 if (!connection->useSSL)
576 *recvd = recv(connection->socketFD, buf, len, flags);
577 return *recvd == -1 ? sock_get_error(errno) : ERROR_SUCCESS;
582 *recvd = pSSL_read(connection->ssl_s, buf, len);
583 return *recvd > 0 ? ERROR_SUCCESS : ERROR_INTERNET_CONNECTION_ABORTED;
585 return ERROR_NOT_SUPPORTED;
590 /******************************************************************************
591 * NETCON_query_data_available
592 * Returns the number of bytes of peeked data plus the number of bytes of
593 * queued, but unread data.
595 BOOL NETCON_query_data_available(WININET_NETCONNECTION *connection, DWORD *available)
598 if (!NETCON_connected(connection))
601 if (!connection->useSSL)
605 int retval = ioctlsocket(connection->socketFD, FIONREAD, &unread);
608 TRACE("%d bytes of queued, but unread data\n", unread);
609 *available += unread;
616 *available = pSSL_pending(connection->ssl_s);
622 LPCVOID NETCON_GetCert(WININET_NETCONNECTION *connection)
626 unsigned char* buffer,*p;
628 BOOL malloced = FALSE;
631 if (!connection->useSSL)
634 cert = pSSL_get_peer_certificate(connection->ssl_s);
636 len = pi2d_X509(cert,&p);
638 * SSL 0.9.7 and above malloc the buffer if it is null.
639 * however earlier version do not and so we would need to alloc the buffer.
641 * see the i2d_X509 man page for more details.
645 buffer = HeapAlloc(GetProcessHeap(),0,len);
647 len = pi2d_X509(cert,&p);
655 r = CertCreateCertificateContext(X509_ASN_ENCODING,buffer,len);
660 HeapFree(GetProcessHeap(),0,buffer);
668 DWORD NETCON_set_timeout(WININET_NETCONNECTION *connection, BOOL send, int value)
673 /* FIXME: we should probably store the timeout in the connection to set
674 * when we do connect */
675 if (!NETCON_connected(connection))
676 return ERROR_SUCCESS;
678 /* value is in milliseconds, convert to struct timeval */
679 tv.tv_sec = value / 1000;
680 tv.tv_usec = (value % 1000) * 1000;
682 result = setsockopt(connection->socketFD, SOL_SOCKET,
683 send ? SO_SNDTIMEO : SO_RCVTIMEO, (void*)&tv,
688 WARN("setsockopt failed (%s)\n", strerror(errno));
689 return sock_get_error(errno);
692 return ERROR_SUCCESS;