119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
+
+
+
|
#include <openssl/crypto.h>
/*
* Threaded operation requires locking callbacks
* Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
*/
#ifndef CRYPTO_NUM_LOCKS
#define CRYPTO_NUM_LOCKS 128
#endif
static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
static Tcl_Mutex init_mx;
static void CryptoThreadLockCallback (int mode, int n, const char *file, int line);
static unsigned long CryptoThreadIdCallback (void);
static void
|
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
|
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
-
+
|
*/
static int
VerifyCallback(int ok, X509_STORE_CTX *ctx)
{
Tcl_Obj *cmdPtr, *result;
char *errStr, *string;
int length;
SSL *ssl = (SSL*)X509_STORE_CTX_get_app_data(ctx);
SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
State *statePtr = (State*)SSL_get_app_data(ssl);
int depth = X509_STORE_CTX_get_error_depth(ctx);
int err = X509_STORE_CTX_get_error(ctx);
dprintf("Verify: %d", ok);
|
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
|
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
|
-
+
-
+
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
+
+
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
+
|
*
*------------------------------------------------------*
*/
static int TlsLibInit (void) {
static int initialized = 0;
int i;
char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */
int status=TCL_OK;
int status = TCL_OK;
if (initialized) {
return status;
return(status);
}
initialized = 1;
#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
size_t num_locks;
Tcl_MutexLock(&init_mx);
#endif
if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
(void *(*)(void *, size_t))Tcl_Realloc,
(void(*)(void *))Tcl_Free) == 0) {
/* Not using Tcl's mem functions ... not critical */
}
/* should we consider allocating mutexes? */
num_locks = CRYPTO_num_locks();
if (num_locks > CRYPTO_NUM_LOCKS) {
status=TCL_ERROR;
goto done;
}
CRYPTO_set_locking_callback(CryptoThreadLockCallback);
CRYPTO_set_id_callback(CryptoThreadIdCallback);
if (SSL_library_init() != 1) {
status=TCL_ERROR;
goto done;
}
SSL_load_error_strings();
ERR_load_crypto_strings();
/*
* Seed the random number generator in the SSL library,
* using the do/while construct because of the bug note in the
* OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
*
* The crux of the problem is that Solaris 7 does not have a
* /dev/random or /dev/urandom device so it cannot gather enough
* entropy from the RAND_seed() when TLS initializes and refuses
* to go further. Earlier versions of OpenSSL carried on regardless.
*/
srand((unsigned int) time((time_t *) NULL));
do {
for (i = 0; i < 16; i++) {
rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
}
RAND_seed(rnd_seed, sizeof(rnd_seed));
} while (RAND_status() != 1);
Tcl_MutexUnlock(&init_mx);
|