Overview
Comment: | Removed obsolete locking code and added support for checking system OpenSSL config file for crypto policies. |
---|---|
SHA3-256: |
449470132e37438e2cb67acc2903a4a6 |
User & Date: | bohagan on 2024-06-15 21:49:55 |
Context
2024-06-16
| ||
20:23 | Added shutdown handler check-in: 2e607e483a user: bohagan tags: tls-1.8 | |
2024-06-15
| ||
21:49 | Removed obsolete locking code and added support for checking system OpenSSL config file for crypto policies. check-in: 449470132e user: bohagan tags: tls-1.8 | |
2024-06-08
| ||
20:49 | Cache read/write wants from BIO_read/BIO_write and include in watch mask check-in: 268b7a0965 user: bohagan tags: tls-1.8 | |
Changes
Modified generic/tls.c
from [ec7ae85081]
to [5d61adfac5].
︙ | ︙ | |||
23 24 25 26 27 28 29 30 31 32 33 34 35 36 | */ #include "tlsInt.h" #include "tclOpts.h" #include "tlsUuid.h" #include <stdio.h> #include <stdlib.h> #include <openssl/rsa.h> #include <openssl/safestack.h> /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #error "Only OpenSSL v1.1.1 or later is supported" #endif | > > > | 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | */ #include "tlsInt.h" #include "tclOpts.h" #include "tlsUuid.h" #include <stdio.h> #include <stdlib.h> #include <openssl/ssl.h> #include <openssl/crypto.h> #include <openssl/opensslconf.h> #include <openssl/rsa.h> #include <openssl/safestack.h> /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #error "Only OpenSSL v1.1.1 or later is supported" #endif |
︙ | ︙ | |||
45 46 47 48 49 50 51 | Tcl_TranslateFileName(interp, (key), (dsp))) static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, Tcl_Size key_asn1_len, Tcl_Size cert_asn1_len, char *CApath, char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams); | < < < < < < < < < < < < < < < < < < < < < < < < < | 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | Tcl_TranslateFileName(interp, (key), (dsp))) static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, Tcl_Size key_asn1_len, Tcl_Size cert_asn1_len, char *CApath, char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams); #define TLS_PROTO_SSL2 0x01 #define TLS_PROTO_SSL3 0x02 #define TLS_PROTO_TLS1 0x04 #define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) #define SSLKEYLOGFILE "SSLKEYLOGFILE" /********************/ /* Callbacks */ /********************/ /* *------------------------------------------------------------------- |
︙ | ︙ | |||
2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 | #ifdef STATIC_BUILD ".static" #endif ), NULL); } return TCL_OK; } /* Init script */ static const char tlsTclInitScript[] = { #include "tls.tcl.h" }; /* | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 | #ifdef STATIC_BUILD ".static" #endif ), NULL); } return TCL_OK; } /* *------------------------------------------------------* * * TlsLibInit -- * * ------------------------------------------------* * Initializes SSL library once per application * ------------------------------------------------* * * Side effects: * initializes SSL library * * Result: * none * *------------------------------------------------------* */ static int TlsLibInit() { static int initialized = 0; dprintf("Called"); if (!initialized) { /* Initialize BOTH libcrypto and libssl. */ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ASYNC, NULL)) { return TCL_ERROR; } /* Create BIO handlers */ if (BIO_new_tcl(NULL, 0) == NULL) { return TCL_ERROR; } initialized = 1; } return TCL_OK; } /* Init script */ static const char tlsTclInitScript[] = { #include "tls.tcl.h" }; /* |
︙ | ︙ | |||
2935 2936 2937 2938 2939 2940 2941 | return TCL_ERROR; } #endif if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) { return TCL_ERROR; } | | | 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 | return TCL_ERROR; } #endif if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) { return TCL_ERROR; } if (TlsLibInit() != TCL_OK) { Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL); return TCL_ERROR; } Tcl_CreateObjCommand(interp, "::tls::ciphers", CiphersObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::connection", ConnectionInfoObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::handshake", HandshakeObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); |
︙ | ︙ | |||
2982 2983 2984 2985 2986 2987 2988 | * *------------------------------------------------------* */ DLLEXPORT int Tls_SafeInit(Tcl_Interp *interp) { dprintf("Called"); return Tls_Init(interp); } | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 2999 3000 3001 3002 3003 3004 3005 | * *------------------------------------------------------* */ DLLEXPORT int Tls_SafeInit(Tcl_Interp *interp) { dprintf("Called"); return Tls_Init(interp); } |
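Review bot: The `static int initialized` guard in the new TlsLibInit() is read and written without any lock, so two threads that load the package at the same time can both enter the setup branch; that is a data race on the flag and may run `BIO_new_tcl(NULL, 0)` twice. OPENSSL_init_ssl() is safe to call repeatedly, but what BIO_new_tcl does on a second call is not visible in this section, so either confirm it is idempotent or serialise the block with a Tcl mutex as sketched below. Because OPENSSL_INIT_LOAD_CONFIG now makes the system OpenSSL config file part of start-up, Tls_Init should also append the OpenSSL error-queue text to "could not initialize SSL library", so that a malformed or restrictive config can be diagnosed. The header comment says `Result: none` although the function returns TCL_OK or TCL_ERROR, and the definition should read `static int TlsLibInit(void)`.

```c
TCL_DECLARE_MUTEX(init_mx)

static int TlsLibInit(void) {
    static int initialized = 0;
    int status = TCL_OK;

    dprintf("Called");

    /* Serialise first-time setup: Tls_Init can run in several threads at once. */
    Tcl_MutexLock(&init_mx);
    if (!initialized) {
	if (!OPENSSL_init_ssl(/* … unchanged: the OPENSSL_INIT_* option flags … */, NULL)) {
	    status = TCL_ERROR;
	} else if (BIO_new_tcl(NULL, 0) == NULL) {
	    status = TCL_ERROR;
	} else {
	    initialized = 1;
	}
    }
    Tcl_MutexUnlock(&init_mx);
    return status;
}
```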