TclTLS: Diff

Differences From Artifact [b29b9e852d]:

File tls.c — part of check-in [0cfe6dfb3c] at 2024-02-19 21:55:16 on branch main — Less compiler warnings (user: jan.nijtmans, size: 52394) [annotate] [blame] [check-ins using]

To Artifact [03228c38ef]:

File tls.c — part of check-in [ceb72b0012] at 2024-02-20 13:00:50 on branch main — Make all C-/H-files Tcl 9-ready, with all kinds of code-cleanup. Build environment not handled yet. (user: jan.nijtmans, size: 51434) [annotate] [blame] [check-ins using] [more...]

︙			︙
36 37 38 39 40 41 42 ~~43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62~~ 63 64 65 66 67 68 69	#define F2N( key, dsp) \ (((key) == NULL) ? (char ) NULL : \ Tcl_TranslateFileName(interp, (key), (dsp))) #define REASON() ERR_reason_error_string(ERR_get_error()) static void InfoCallback(const SSL ssl, int where, int ret); ~~static int CiphersObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ static ~~int~~ HandshakeObjCmd~~(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ ~~static int ImportObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ ~~static int StatusObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ ~~static int VersionObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ ~~static int MiscObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ ~~static int UnimportObjCmd(ClientData clientData,~~ ~~Tcl_Interp interp, int objc, Tcl_Obj const objv[]);~~ static SSL_CTX CTX_Init(State statePtr, int isServer, int proto, char key, char certfile, unsigned char key_asn1, unsigned char cert_asn1, int key_asn1_len, int cert_asn1_len, char CAdir, char CAfile, char ciphers, char DHparams); static int TlsLibInit(int uninitialize);	< < \| \| < \| < < \| < < \| < < \| < < \| < <	36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56	#define F2N( key, dsp) \ (((key) == NULL) ? (char ) NULL : \ Tcl_TranslateFileName(interp, (key), (dsp))) #define REASON() ERR_reason_error_string(ERR_get_error()) static void InfoCallback(const SSL ssl, int where, int ret); static Tcl_ObjCmdProc CiphersObjCmd; static Tcl_ObjCmdProc HandshakeObjCmd; static Tcl_ObjCmdProc ImportObjCmd; static Tcl_ObjCmdProc StatusObjCmd; static Tcl_ObjCmdProc VersionObjCmd; static Tcl_ObjCmdProc MiscObjCmd; static Tcl_ObjCmdProc UnimportObjCmd; static SSL_CTX CTX_Init(State statePtr, int isServer, int proto, char key, char certfile, unsigned char key_asn1, unsigned char cert_asn1, int key_asn1_len, int cert_asn1_len, char CAdir, char CAfile, char ciphers, char DHparams); static int TlsLibInit(int uninitialize);
︙			︙
171 172 173 174 175 176 177 ~~178~~ 179 180 181 182 183 184 185	------------------------------------------------------------------- / static void InfoCallback(const SSL ssl, int where, int ret) { State statePtr = (State)SSL_get_app_data((SSL )ssl); Tcl_Obj cmdPtr; ~~char major~~; char~~ minor;~~ dprintf("Called"); if (statePtr->callback == (Tcl_Obj)NULL) return; cmdPtr = Tcl_DuplicateObj(statePtr->callback);	\|	158 159 160 161 162 163 164 165 166 167 168 169 170 171 172	------------------------------------------------------------------- / static void InfoCallback(const SSL ssl, int where, int ret) { State statePtr = (State)SSL_get_app_data((SSL )ssl); Tcl_Obj cmdPtr; const char major, minor; dprintf("Called"); if (statePtr->callback == (Tcl_Obj)NULL) return; cmdPtr = Tcl_DuplicateObj(statePtr->callback);
︙			︙
269 270 271 272 273 274 275 ~~276~~ 277 278 279 280 281 282 283	------------------------------------------------------------------- / static int VerifyCallback(int ok, X509_STORE_CTX ctx) { Tcl_Obj cmdPtr, result; char errStr, string; ~~~~int~~ length;~~ SSL ssl = (SSL)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 cert = X509_STORE_CTX_get_current_cert(ctx); State statePtr = (State)SSL_get_app_data(ssl); int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); dprintf("Verify: %d", ok);	\|	256 257 258 259 260 261 262 263 264 265 266 267 268 269 270	------------------------------------------------------------------- / static int VerifyCallback(int ok, X509_STORE_CTX ctx) { Tcl_Obj cmdPtr, result; char errStr, string; Tcl_Size length; SSL ssl = (SSL)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 cert = X509_STORE_CTX_get_current_cert(ctx); State statePtr = (State)SSL_get_app_data(ssl); int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); dprintf("Verify: %d", ok);
︙			︙
489 490 491 492 493 494 495 ~~496 497 498 499 500~~ 501 502 503 504 505 506 507	* * Side effects: * constructs and destroys SSL context (CTX) * ------------------------------------------------------------------- / static int ~~CiphersObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; int objc; Tcl_Obj const objv[];~~ { static const char protocols[] = { "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; enum protocol { TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE };	\| \| \| \| \|	476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494	* * Side effects: * constructs and destroys SSL context (CTX) * ------------------------------------------------------------------- / static int CiphersObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { static const char protocols[] = { "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; enum protocol { TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE };
︙			︙
593 594 595 596 597 598 599 ~~600~~ 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 ~~620~~ 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 ~~640~~ 641 642 643 644 645 646 647	Tcl_ListObjAppendElement( interp, objPtr, Tcl_NewStringObj( cp, -1) ); } } else { sk = SSL_get_ciphers(ssl); for (index = 0; index < sk_SSL_CIPHER_num(sk); index++) { ~~~~register~~ size_t i;~~ SSL_CIPHER_description( sk_SSL_CIPHER_value( sk, index), buf, sizeof(buf)); for (i = strlen(buf) - 1; i ; i--) { if (buf[i] == ' ' \|\| buf[i] == '\n' \|\| buf[i] == '\r' \|\| buf[i] == '\t') { buf[i] = '\0'; } else { break; } } Tcl_ListObjAppendElement( interp, objPtr, Tcl_NewStringObj( buf, -1) ); } } SSL_free(ssl); SSL_CTX_free(ctx); Tcl_SetObjResult( interp, objPtr); return TCL_OK; ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * HandshakeObjCmd -- * * This command is used to verify whether the handshake is complete * or not. * * Results: * A standard Tcl result. 1 means handshake complete, 0 means pending. * * Side effects: * May force SSL negotiation to take place. * ------------------------------------------------------------------- / ~~static int HandshakeObjCmd(~~ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) {~~~~ Tcl_Channel chan; /* The channel to set a mode on. / State statePtr; /* client state for ssl socket / const char errStr = NULL; int ret = 1; int err = 0; dprintf("Called");	\| < \| > > > > >	580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638	Tcl_ListObjAppendElement( interp, objPtr, Tcl_NewStringObj( cp, -1) ); } } else { sk = SSL_get_ciphers(ssl); for (index = 0; index < sk_SSL_CIPHER_num(sk); index++) { size_t i; SSL_CIPHER_description( sk_SSL_CIPHER_value( sk, index), buf, sizeof(buf)); for (i = strlen(buf) - 1; i ; i--) { if (buf[i] == ' ' \|\| buf[i] == '\n' \|\| buf[i] == '\r' \|\| buf[i] == '\t') { buf[i] = '\0'; } else { break; } } Tcl_ListObjAppendElement( interp, objPtr, Tcl_NewStringObj( buf, -1) ); } } SSL_free(ssl); SSL_CTX_free(ctx); Tcl_SetObjResult( interp, objPtr); return TCL_OK; } /* ------------------------------------------------------------------- * HandshakeObjCmd -- * * This command is used to verify whether the handshake is complete * or not. * * Results: * A standard Tcl result. 1 means handshake complete, 0 means pending. * * Side effects: * May force SSL negotiation to take place. * ------------------------------------------------------------------- / static int HandshakeObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { Tcl_Channel chan; / The channel to set a mode on. / State statePtr; /* client state for ssl socket / const char errStr = NULL; int ret = 1; int err = 0; dprintf("Called");
︙			︙
695 696 697 698 699 700 701 ~~702 703~~ 704 705 706 707 708 709 710	ret = 1; } dprintf("Returning TCL_OK with data \"%i\"", ret); Tcl_SetObjResult(interp, Tcl_NewIntObj(ret)); return(TCL_OK); ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * ImportObjCmd -- *	< <	686 687 688 689 690 691 692 693 694 695 696 697 698 699	ret = 1; } dprintf("Returning TCL_OK with data \"%i\"", ret); Tcl_SetObjResult(interp, Tcl_NewIntObj(ret)); return(TCL_OK); } /* ------------------------------------------------------------------- * ImportObjCmd -- *
︙			︙
718 719 720 721 722 723 724 ~~725 726 727 728 729~~ 730 731 732 733 734 735 736 ~~737~~ 738 739 740 741 742 ~~743 744 745~~ 746 747 748 749 750 751 752	* Side effects: * May modify the behavior of an IO channel. * ------------------------------------------------------------------- / static int ~~ImportObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; int objc; Tcl_Obj const objv[];~~ { Tcl_Channel chan; / The channel to set a mode on. / State statePtr; /* client state for ssl socket / SSL_CTX ctx = NULL; Tcl_Obj script = NULL; Tcl_Obj password = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; ~~int idx~~, len~~;~~ int flags = TLS_TCL_INIT; int server = 0; /* is connection incoming or outgoing? / char keyfile = NULL; char certfile = NULL; unsigned char key = NULL; ~~~~int~~ key_len = 0; unsigned char cert = NULL; ~~int~~ cert_len = 0;~~ char ciphers = NULL; char CAfile = NULL; char CAdir = NULL; char DHparams = NULL; char model = NULL; #ifndef OPENSSL_NO_TLSEXT char servername = NULL; / hostname for Server Name Indication */	\| \| \| \| \| \| > \| \| \|	707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742	* Side effects: * May modify the behavior of an IO channel. * ------------------------------------------------------------------- / static int ImportObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { Tcl_Channel chan; / The channel to set a mode on. / State statePtr; /* client state for ssl socket / SSL_CTX ctx = NULL; Tcl_Obj script = NULL; Tcl_Obj password = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; int idx; Tcl_Size len; int flags = TLS_TCL_INIT; int server = 0; /* is connection incoming or outgoing? / char keyfile = NULL; char certfile = NULL; unsigned char key = NULL; Tcl_Size key_len = 0; unsigned char cert = NULL; Tcl_Size cert_len = 0; char ciphers = NULL; char CAfile = NULL; char CAdir = NULL; char DHparams = NULL; char model = NULL; #ifndef OPENSSL_NO_TLSEXT char servername = NULL; / hostname for Server Name Indication */
︙			︙
815 816 817 818 819 820 821 ~~822 823 824~~ 825 826 827 828 829 830 831	#endif OPTBOOL( "-ssl2", ssl2); OPTBOOL( "-ssl3", ssl3); OPTBOOL( "-tls1", tls1); OPTBOOL( "-tls1.1", tls1_1); OPTBOOL( "-tls1.2", tls1_2); ~~OPTBOOL( "-tls1.3", tls1_3); OPTBYTE("-cert", cert, cert_len); OPTBYTE("-key", key, key_len);~~ OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3"); return TCL_ERROR; } if (request) verify \|= SSL_VERIFY_CLIENT_ONCE \| SSL_VERIFY_PEER; if (request && require) verify \|= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;	\| \| \|	805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821	#endif OPTBOOL( "-ssl2", ssl2); OPTBOOL( "-ssl3", ssl3); OPTBOOL( "-tls1", tls1); OPTBOOL( "-tls1.1", tls1_1); OPTBOOL( "-tls1.2", tls1_2); OPTBOOL( "-tls1.3", tls1_3) OPTBYTE("-cert", cert, cert_len); OPTBYTE("-key", key, key_len); OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3"); return TCL_ERROR; } if (request) verify \|= SSL_VERIFY_CLIENT_ONCE \| SSL_VERIFY_PEER; if (request && require) verify \|= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
︙			︙
876 877 878 879 880 881 882 ~~883~~ 884 885 886 887 888 889 890 891 892 893 ~~894~~ 895 896 897 898 899 900 901 ~~902~~ 903 904 905 906 907 908 909	} if (model != NULL) { int mode; /* Get the "model" context / chan = Tcl_GetChannel(interp, model, &mode); if (chan == (Tcl_Channel) NULL) { ~~Tls_Free(statePtr);~~ return TCL_ERROR; } / * Make sure to operate on the topmost channel / chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", NULL); ~~Tls_Free(statePtr);~~ return TCL_ERROR; } ctx = ((State )Tcl_GetChannelInstanceData(chan))->ctx; } else { if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len, cert_len, CAdir, CAfile, ciphers, DHparams)) == (SSL_CTX)0) { ~~Tls_Free(statePtr);~~ return TCL_ERROR; } } statePtr->ctx = ctx; /	\| \| \|	866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899	} if (model != NULL) { int mode; /* Get the "model" context / chan = Tcl_GetChannel(interp, model, &mode); if (chan == (Tcl_Channel) NULL) { Tls_Free((void )statePtr); return TCL_ERROR; } /* * Make sure to operate on the topmost channel / chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", NULL); Tls_Free((void )statePtr); return TCL_ERROR; } ctx = ((State )Tcl_GetChannelInstanceData(chan))->ctx; } else { if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len, cert_len, CAdir, CAfile, ciphers, DHparams)) == (SSL_CTX)0) { Tls_Free((void )statePtr); return TCL_ERROR; } } statePtr->ctx = ctx; /
︙			︙
925 926 927 928 929 930 931 ~~932~~ 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 ~~950~~ 951 952 953 954 955 956 957 958 ~~959~~ 960 961 962 963 964 965 966	dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan)); statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), statePtr, (TCL_READABLE \| TCL_WRITABLE), chan); dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self)); if (statePtr->self == (Tcl_Channel) NULL) { /* * No use of Tcl_EventuallyFree because no possible Tcl_Preserve. / ~~Tls_Free(statePtr);~~ return TCL_ERROR; } Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation)); Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding)); Tcl_SetChannelOption(interp, statePtr->self, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar)); Tcl_SetChannelOption(interp, statePtr->self, "-blocking", Tcl_DStringValue(&upperChannelBlocking)); / * SSL Initialization / statePtr->ssl = SSL_new(statePtr->ctx); if (!statePtr->ssl) { / SSL library error / Tcl_AppendResult(interp, "couldn't construct ssl session: ", REASON(), (char ) NULL); ~~Tls_Free(statePtr);~~ return TCL_ERROR; } #ifndef OPENSSL_NO_TLSEXT if (servername) { if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) { Tcl_AppendResult(interp, "setting TLS host name extension failed", (char ) NULL); ~~Tls_Free(statePtr);~~ return TCL_ERROR; } } #endif / * SSL Callbacks	\| \| \|	915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956	dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan)); statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), statePtr, (TCL_READABLE \| TCL_WRITABLE), chan); dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self)); if (statePtr->self == (Tcl_Channel) NULL) { /* * No use of Tcl_EventuallyFree because no possible Tcl_Preserve. / Tls_Free((void )statePtr); return TCL_ERROR; } Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation)); Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding)); Tcl_SetChannelOption(interp, statePtr->self, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar)); Tcl_SetChannelOption(interp, statePtr->self, "-blocking", Tcl_DStringValue(&upperChannelBlocking)); /* * SSL Initialization / statePtr->ssl = SSL_new(statePtr->ctx); if (!statePtr->ssl) { / SSL library error / Tcl_AppendResult(interp, "couldn't construct ssl session: ", REASON(), (char ) NULL); Tls_Free((void )statePtr); return TCL_ERROR; } #ifndef OPENSSL_NO_TLSEXT if (servername) { if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) { Tcl_AppendResult(interp, "setting TLS host name extension failed", (char ) NULL); Tls_Free((void )statePtr); return TCL_ERROR; } } #endif / * SSL Callbacks
︙			︙
988 989 990 991 992 993 994 ~~995~~ 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 ~~1015 1016 1017 1018 1019~~ 1020 1021 1022 1023 1024 1025 1026	/* * End of SSL Init / dprintf("Returning %s", Tcl_GetChannelName(statePtr->self)); Tcl_SetResult(interp, (char ) Tcl_GetChannelName(statePtr->self), TCL_VOLATILE); return TCL_OK; ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * UnimportObjCmd -- * * This procedure is invoked to remove the topmost channel filter. * * Results: * A standard Tcl result. * * Side effects: * May modify the behavior of an IO channel. * ------------------------------------------------------------------- / static int ~~UnimportObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; int objc; Tcl_Obj const objv[];~~ { Tcl_Channel chan; / The channel to set a mode on. */ dprintf("Called"); if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel");	< \| \| \| \| \|	978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015	/* * End of SSL Init / dprintf("Returning %s", Tcl_GetChannelName(statePtr->self)); Tcl_SetResult(interp, (char ) Tcl_GetChannelName(statePtr->self), TCL_VOLATILE); return TCL_OK; } /* ------------------------------------------------------------------- * UnimportObjCmd -- * * This procedure is invoked to remove the topmost channel filter. * * Results: * A standard Tcl result. * * Side effects: * May modify the behavior of an IO channel. * ------------------------------------------------------------------- / static int UnimportObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { Tcl_Channel chan; / The channel to set a mode on. */ dprintf("Called"); if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel");
︙			︙
1044 1045 1046 1047 1048 1049 1050 ~~1051~~ 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 ~~1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083~~ 1084 1085 1086 1087 1088 1089 1090	} if (Tcl_UnstackChannel(interp, chan) == TCL_ERROR) { return TCL_ERROR; } return TCL_OK; ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * CTX_Init -- construct a SSL_CTX instance * * Results: * A valid SSL_CTX instance or NULL. * * Side effects: * constructs SSL context (CTX) * ------------------------------------------------------------------- / static SSL_CTX * CTX_Init(~~statePtr, isServer, proto, keyfile, certfile, key, cert,~~ ~~key_len, cert_len, CAdir, CAfile, ciphers, DHparams)~~ State statePtr; ~~int~~ isServer; int proto; char keyfile; char certfile; unsigned char key; unsigned char cert; int key_len; int cert_len; char CAdir; char CAfile; char ciphers; char DHparams; { Tcl_Interp interp = statePtr->interp; SSL_CTX *ctx = NULL; Tcl_DString ds; Tcl_DString ds1; int off = 0; int load_private_key;	< \| < \| \| \| \| \| \| \| \| \| \| \| \| \|	1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077	} if (Tcl_UnstackChannel(interp, chan) == TCL_ERROR) { return TCL_ERROR; } return TCL_OK; } /* ------------------------------------------------------------------- * CTX_Init -- construct a SSL_CTX instance * * Results: * A valid SSL_CTX instance or NULL. * * Side effects: * constructs SSL context (CTX) * ------------------------------------------------------------------- / static SSL_CTX * CTX_Init( State statePtr, TCL_UNUSED(int) / isServer /, int proto, char keyfile, char certfile, unsigned char key, unsigned char cert, int key_len, int cert_len, char CAdir, char CAfile, char ciphers, char DHparams) { Tcl_Interp interp = statePtr->interp; SSL_CTX *ctx = NULL; Tcl_DString ds; Tcl_DString ds1; int off = 0; int load_private_key;
︙			︙
1395 1396 1397 1398 1399 1400 1401 ~~1402 1403 1404 1405 1406~~ 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 ~~1427~~ 1428 1429 1430 1431 1432 1433 1434	* * Side effects: * None. * ------------------------------------------------------------------- / static int ~~StatusObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; int objc; Tcl_Obj const objv[];~~ { State statePtr; X509 peer; Tcl_Obj objPtr; Tcl_Channel chan; char channelName, ciphers; int mode; dprintf("Called"); switch (objc) { case 2: channelName = Tcl_GetString(objv[1]); break; case 3: if (!strcmp (Tcl_GetString (objv[1]), "-local")) { channelName = Tcl_GetString(objv[2]); break; } ~~/* ~~else~~ fall~~...~~ */~~ default: Tcl_WrongNumArgs(interp, 1, objv, "?-local? channel"); return TCL_ERROR; } chan = Tcl_GetChannel(interp, channelName, &mode); if (chan == (Tcl_Channel) NULL) {	\| \| \| \| \| \|	1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421	* * Side effects: * None. * ------------------------------------------------------------------- / static int StatusObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { State statePtr; X509 peer; Tcl_Obj objPtr; Tcl_Channel chan; char channelName, ciphers; int mode; dprintf("Called"); switch (objc) { case 2: channelName = Tcl_GetString(objv[1]); break; case 3: if (!strcmp (Tcl_GetString (objv[1]), "-local")) { channelName = Tcl_GetString(objv[2]); break; } /* fallthrough */ default: Tcl_WrongNumArgs(interp, 1, objv, "?-local? channel"); return TCL_ERROR; } chan = Tcl_GetChannel(interp, channelName, &mode); if (chan == (Tcl_Channel) NULL) {
︙			︙
1472 1473 1474 1475 1476 1477 1478 ~~1479~~ 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 ~~1496 1497 1498 1499 1500~~ 1501 1502 1503 1504 1505 1506 1507 1508 1509 ~~1510 1511 1512~~ 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 ~~1529 1530 1531 1532 1533~~ 1534 1535 1536 1537 1538 1539 1540	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("version", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_get_version(statePtr->ssl), -1)); Tcl_SetObjResult( interp, objPtr); return TCL_OK; ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * VersionObjCmd -- return version string from OpenSSL. * * Results: * A standard Tcl result. * * Side effects: * None. * ------------------------------------------------------------------- / static int ~~VersionObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; ~~int~~ objc; Tcl_Obj const objv~~[];~~~~ { Tcl_Obj objPtr; dprintf("Called"); objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1); Tcl_SetObjResult(interp, objPtr); return TCL_OK; ~~clientData = clientData;~~ ~~objc = objc;~~ ~~objv = objv;~~ } /* ------------------------------------------------------------------- * MiscObjCmd -- misc commands * * Results: * A standard Tcl result. * * Side effects: * None. * ------------------------------------------------------------------- / static int ~~MiscObjCmd(~~clientData, interp, objc, objv)~~ Cli~~entData clientData; /* Not used.~~ / Tcl_Interp interp; int objc; Tcl_Obj const objv[];~~ { static const char commands [] = { "req", NULL }; enum command { C_REQ, C_DUMMY }; int cmd; dprintf("Called");	< \| \| \| \| \| < < < \| \| \| \| \|	1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("version", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_get_version(statePtr->ssl), -1)); Tcl_SetObjResult( interp, objPtr); return TCL_OK; } /* ------------------------------------------------------------------- * VersionObjCmd -- return version string from OpenSSL. * * Results: * A standard Tcl result. * * Side effects: * None. * ------------------------------------------------------------------- / static int VersionObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, TCL_UNUSED(int) /* objc /, TCL_UNUSED(Tcl_Obj const ) / objv /) { Tcl_Obj objPtr; dprintf("Called"); objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* ------------------------------------------------------------------- * MiscObjCmd -- misc commands * * Results: * A standard Tcl result. * * Side effects: * None. * ------------------------------------------------------------------- / static int MiscObjCmd( TCL_UNUSED(void ), Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { static const char commands [] = { "req", NULL }; enum command { C_REQ, C_DUMMY }; int cmd; dprintf("Called");
︙			︙
1549 1550 1551 1552 1553 1554 1555 ~~1556~~ 1557 1558 1559 ~~1560~~ 1561 1562 1563 1564 1565 1566 1567	switch ((enum command) cmd) { case C_REQ: { EVP_PKEY pkey=NULL; X509 cert=NULL; X509_NAME name=NULL; Tcl_Obj listv; ~~~~int~~ listc,i;~~ BIO out=NULL; ~~char k_C="",k_ST="",k_L="",k_O="",k_OU="",k_CN="",k_Email="";~~ char keyout,pemout,str; int keysize,serial=0,days=365; if ((objc<5) \|\| (objc>6)) { Tcl_WrongNumArgs(interp, 2, objv, "keysize keyfile certfile ?info?"); return TCL_ERROR; }	\| \|	1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550	switch ((enum command) cmd) { case C_REQ: { EVP_PKEY pkey=NULL; X509 cert=NULL; X509_NAME name=NULL; Tcl_Obj listv; Tcl_Size listc,i; BIO out=NULL; const char k_C="",k_ST="",k_L="",k_O="",k_OU="",k_CN="",k_Email=""; char keyout,pemout,str; int keysize,serial=0,days=365; if ((objc<5) \|\| (objc>6)) { Tcl_WrongNumArgs(interp, 2, objv, "keysize keyfile certfile ?info?"); return TCL_ERROR; }
︙			︙
1670 1671 1672 1673 1674 1675 1676 ~~1677~~ 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704	} } break; default: break; } return TCL_OK; ~~clientData = clientData;~~ } /* ------------------------------------------------------------------- * Tls_Free -- * * This procedure cleans up when a SSL socket based channel * is closed and its reference count falls below 1 * * Results: * none * * Side effects: * Frees all the state * ------------------------------------------------------------------- / void Tls_Free( void blockPtr ) { State statePtr = (State *)blockPtr; dprintf("Called"); Tls_Clean(statePtr); ckfree(blockPtr);	< > > > >	1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690	} } break; default: break; } return TCL_OK; } /* ------------------------------------------------------------------- * Tls_Free -- * * This procedure cleans up when a SSL socket based channel * is closed and its reference count falls below 1 * * Results: * none * * Side effects: * Frees all the state * ------------------------------------------------------------------- / void #if TCL_MAJOR_VERSION > 8 Tls_Free( void blockPtr ) #else Tls_Free( char blockPtr ) #endif { State statePtr = (State )blockPtr; dprintf("Called"); Tls_Clean(statePtr); ckfree(blockPtr);
︙			︙