Diff
EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA

Differences From Artifact [d3b28a3feb]:

To Artifact [b53356134d]:


40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 *-------------------------------------------------------------------
 */
void NamesCallback(const OBJ_NAME *obj, void *arg) {
    Tcl_Obj *listObj = (Tcl_Obj *) arg;

    /* Fields: (int) type and alias, (const char*) name (alias from) and data (alias to) */
    if (strstr(obj->name, "rsa") == NULL && strstr(obj->name, "RSA") == NULL) {
	Tcl_ListObjAppendElement(NULL, listObj, Tcl_NewStringObj(obj->name,-1));
    }
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------







|







40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 *-------------------------------------------------------------------
 */
void NamesCallback(const OBJ_NAME *obj, void *arg) {
    Tcl_Obj *listObj = (Tcl_Obj *) arg;

    /* Fields: (int) type and alias, (const char*) name (alias from) and data (alias to) */
    if (strstr(obj->name, "rsa") == NULL && strstr(obj->name, "RSA") == NULL) {
	Tcl_ListObjAppendElement(NULL, listObj, Tcl_NewStringObj(obj->name, -1));
    }
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 *-------------------------------------------------------------------
 */
int CipherInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    const EVP_CIPHER *cipher;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags, mode;
    unsigned char *modeName = NULL;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    /* Get cipher */
    cipher = EVP_get_cipherbyname(name);

    if (cipher == NULL) {
	Tcl_AppendResult(interp, "Invalid cipher \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;







|





|







66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 *-------------------------------------------------------------------
 */
int CipherInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    const EVP_CIPHER *cipher;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags, mode;
    unsigned char *modeName = NULL;
    char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);

    /* Get cipher */
    cipher = EVP_get_cipherbyname(name);

    if (cipher == NULL) {
	Tcl_AppendResult(interp, "Invalid cipher \"", name, "\"", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
260
261
262
263
264
265
266

267
268
269
270
271
272
273
274
 *
 *-------------------------------------------------------------------
 */
static int CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;

    int index, verbose = 0, use_supported = 0, res = TCL_OK;
    int min_version, max_version;
    (void) clientData;

    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);







>
|







260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
 *
 *-------------------------------------------------------------------
 */
static int CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;
    Tcl_Size index;
    int verbose = 0, use_supported = 0, res = TCL_OK;
    int min_version, max_version;
    (void) clientData;

    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
	(objc > 2 && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) ||
	(objc > 3 && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK)) {
	return TCL_ERROR;
    }

    switch ((enum protocol)index) {
	case TLS_SSL2:
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
	case TLS_SSL3:
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = SSL3_VERSION;
            max_version = SSL3_VERSION;
	    break;
#endif
	case TLS_TLS1:
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_VERSION;
            max_version = TLS1_VERSION;
	    break;
#endif
	case TLS_TLS1_1:
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_1_VERSION;
            max_version = TLS1_1_VERSION;
	    break;
#endif
	case TLS_TLS1_2:
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_2_VERSION;
            max_version = TLS1_2_VERSION;
	    break;
#endif
	case TLS_TLS1_3:
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
#endif
	default:
            min_version = SSL3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
    }

    /* Create context */
    if ((ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	return TCL_ERROR;
    }

    /* Set protocol versions */
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0 ||
	SSL_CTX_set_max_proto_version(ctx, max_version) == 0) {
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Create SSL context */
    if ((ssl = SSL_new(ctx)) == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Use list and order as would be sent in a ClientHello or all available ciphers */
    if (use_supported) {
	sk = SSL_get1_supported_ciphers(ssl);







|



|








|








|








|








|














|












|







291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
	(objc > 2 && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) ||
	(objc > 3 && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK)) {
	return TCL_ERROR;
    }

    switch ((enum protocol)index) {
	case TLS_SSL2:
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
	case TLS_SSL3:
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
#else
            min_version = SSL3_VERSION;
            max_version = SSL3_VERSION;
	    break;
#endif
	case TLS_TLS1:
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_VERSION;
            max_version = TLS1_VERSION;
	    break;
#endif
	case TLS_TLS1_1:
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_1_VERSION;
            max_version = TLS1_1_VERSION;
	    break;
#endif
	case TLS_TLS1_2:
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_2_VERSION;
            max_version = TLS1_2_VERSION;
	    break;
#endif
	case TLS_TLS1_3:
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
#endif
	default:
            min_version = SSL3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
    }

    /* Create context */
    if ((ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
	Tcl_AppendResult(interp, REASON(), (char *) NULL);
	return TCL_ERROR;
    }

    /* Set protocol versions */
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0 ||
	SSL_CTX_set_max_proto_version(ctx, max_version) == 0) {
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Create SSL context */
    if ((ssl = SSL_new(ctx)) == NULL) {
	Tcl_AppendResult(interp, REASON(), (char *) NULL);
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Use list and order as would be sent in a ClientHello or all available ciphers */
    if (use_supported) {
	sk = SSL_get1_supported_ciphers(ssl);
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
		cp = SSL_CIPHER_get_name(c);
		if (cp == NULL) break;
		Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(cp, -1));
	    }

	} else {
	    char buf[BUFSIZ];
	    resultObj = Tcl_NewStringObj("",0);
	    if (resultObj == NULL) {
		res = TCL_ERROR;
		goto done;
	    }

	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);







|







395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
		cp = SSL_CIPHER_get_name(c);
		if (cp == NULL) break;
		Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(cp, -1));
	    }

	} else {
	    char buf[BUFSIZ];
	    resultObj = Tcl_NewStringObj("", 0);
	    if (resultObj == NULL) {
		res = TCL_ERROR;
		goto done;
	    }

	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
 *-------------------------------------------------------------------
 */
int DigestInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    EVP_MD *md;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    /* Get message digest */
    md = EVP_get_digestbyname(name);

    if (md == NULL) {
	Tcl_AppendResult(interp, "Invalid digest \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;







|





|







449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
 *-------------------------------------------------------------------
 */
int DigestInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    EVP_MD *md;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);

    /* Get message digest */
    md = EVP_get_digestbyname(name);

    if (md == NULL) {
	Tcl_AppendResult(interp, "Invalid digest \"", name, "\"", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
 *	None.
 *
 *-------------------------------------------------------------------
 */
int MacInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    if (strcmp(name, "cmac") != 0 && strcmp(name, "hmac") != 0) {
	Tcl_AppendResult(interp, "Invalid MAC \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;







|


|







642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
 *	None.
 *
 *-------------------------------------------------------------------
 */
int MacInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);

    if (strcmp(name, "cmac") != 0 && strcmp(name, "hmac") != 0) {
	Tcl_AppendResult(interp, "Invalid MAC \"", name, "\"", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
 *	None.
 *
 *-------------------------------------------------------------------
 */
int PkeyInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);
    EVP_PKEY *pkey = NULL;

    if (pkey == NULL) {
	Tcl_AppendResult(interp, "Invalid public key method \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;







|



|







747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
 *	None.
 *
 *-------------------------------------------------------------------
 */
int PkeyInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);
    EVP_PKEY *pkey = NULL;

    if (pkey == NULL) {
	Tcl_AppendResult(interp, "Invalid public key method \"", name, "\"", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;