1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
-
+
+
|
/*
* Copyright (C) 1997-1999 Matt Newman <[email protected]>
* Copyright (C) 2000 Ajuba Solutions
*
* $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.11 2000/08/16 17:44:05 hobbs Exp $
* $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
*
* TLS (aka SSL) Channel - can be layered on any bi-directional
* Tcl_Channel (Note: Requires Trf Core Patch)
*
* This was built (almost) from scratch based upon observation of
* OpenSSL 0.9.2B
*
* Addition credit is due for Andreas Kupries ([email protected]), for
* providing the Tcl_ReplaceChannel mechanism and working closely with me
* to enhance it to support full fileevent semantics.
*
* Also work done by the follow people provided the impetus to do this "right":
* tclSSL (Colin McCormack, Shared Technology)
* SSLtcl (Peter Antman)
*
*/
#include "tlsInt.h"
#include "tclOpts.h"
#include <stdlib.h>
/*
* External functions
*/
/*
* Forward declarations
|
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
-
|
*/
static void
InfoCallback(SSL *ssl, int where, int ret)
{
State *statePtr = (State*)SSL_get_app_data(ssl);
Tcl_Obj *cmdPtr;
char *major; char *minor;
int w;
if (statePtr->callback == (Tcl_Obj*)NULL)
return;
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
#if 0
|
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
|
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
|
-
+
+
|
*-------------------------------------------------------------------
*/
int
Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is
* to be made available. */
{
int major, minor, patchlevel, release;
int major, minor, patchlevel, release, i;
char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */
/*
* The original 8.2.0 stacked channel implementation (and the patch
* that preceded it) had problems with scalability and robustness.
* These were address in 8.3.2 / 8.4a2, so we now require that as a
* minimum for TLS 1.4+. We only support 8.2+ now (8.3.2+ preferred).
*/
|
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
|
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
|
+
+
+
+
+
+
+
+
+
|
if (SSL_library_init() != 1) {
Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
return TCL_ERROR;
}
SSL_load_error_strings();
ERR_load_crypto_strings();
/*
* Seed the random number generator in the SSL library
*/
srand((unsigned int) time((time_t *) NULL));
for (i = 0; i < 16; i++) {
rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
}
RAND_seed(rnd_seed, sizeof(rnd_seed));
Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,
|