Overview
| Comment: | Applied patch to add OpenSSL3 KTLS trivial processing. Description: Patch adds trivial processing for BIO_CTRL_GET_KTLS_SEND and BIO_CTRL_GET_KTLS_RECV control commands to make tcltls working with OpenSSL 3.0. See also: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006587 - https://bugzilla.redhat.com/show_bug.cgi?id=2088363 Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/openssl3.patch |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6f19aa66233d4c07b3e981ca52db2a8a |
| User & Date: | bohagan on 2023-04-23 02:36:16 |
| Other Links: | manifest | tags |
Context
|
2023-04-23
| ||
| 03:34 | Use server cipher preference order. Source: https://sourceforge.net/p/tls/bugs/60/ and https://www.androwish.org/home/info/5718c3eb47cced4d and https://core.tcl-lang.org/tcltls/tktview/305ee10b86 check-in: ba1403b62c user: bohagan tags: trunk | |
| 02:36 | Applied patch to add OpenSSL3 KTLS trivial processing. Description: Patch adds trivial processing for BIO_CTRL_GET_KTLS_SEND and BIO_CTRL_GET_KTLS_RECV control commands to make tcltls working with OpenSSL 3.0. See also: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006587 - https://bugzilla.redhat.com/show_bug.cgi?id=2088363 Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/openssl3.patch check-in: 6f19aa6623 user: bohagan tags: trunk | |
| 02:08 | Changes for OpenSSL v1.1.1 to make compatible with no deprecated option. check-in: 2ed802a7af user: bohagan tags: trunk | |
Changes
Modified tls.c from [e79ec1582f] to [07454bb7bd].
| ︙ | ︙ | |||
1236 1237 1238 1239 1240 1241 1242 |
if (getenv(SSLKEYLOGFILE)) {
SSL_CTX_set_keylog_callback(ctx, KeyLogCallback);
}
#if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3)
if (proto == TLS_PROTO_TLS1_3) {
| | | | 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 |
if (getenv(SSLKEYLOGFILE)) {
SSL_CTX_set_keylog_callback(ctx, KeyLogCallback);
}
#if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3)
if (proto == TLS_PROTO_TLS1_3) {
SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION);
}
#endif
SSL_CTX_set_app_data( ctx, (void*)interp); /* remember the interpreter */
SSL_CTX_set_options( ctx, SSL_OP_ALL); /* all SSL bug workarounds */
SSL_CTX_set_options( ctx, off); /* all SSL bug workarounds */
#if OPENSSL_VERSION_NUMBER < 0x10101000L
|
| ︙ | ︙ | |||
1511 1512 1513 1514 1515 1516 1517 |
#ifndef OPENSSL_NO_TLSEXT
/* Report the selected protocol as a result of the negotiation */
SSL_get0_alpn_selected(statePtr->ssl, &proto, &len);
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("alpn", -1));
Tcl_ListObjAppendElement(interp, objPtr,
Tcl_NewStringObj((char *)proto, (int)len));
#endif
| < | 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 |
#ifndef OPENSSL_NO_TLSEXT
/* Report the selected protocol as a result of the negotiation */
SSL_get0_alpn_selected(statePtr->ssl, &proto, &len);
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("alpn", -1));
Tcl_ListObjAppendElement(interp, objPtr,
Tcl_NewStringObj((char *)proto, (int)len));
#endif
Tcl_ListObjAppendElement(interp, objPtr,
Tcl_NewStringObj("version", -1));
Tcl_ListObjAppendElement(interp, objPtr,
Tcl_NewStringObj(SSL_get_version(statePtr->ssl), -1));
Tcl_SetObjResult( interp, objPtr);
return TCL_OK;
|
| ︙ | ︙ | |||
1669 1670 1671 1672 1673 1674 1675 |
if (pkey == NULL || rsa == NULL || !EVP_PKEY_assign_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
/* RSA_free(rsa); freed by EVP_PKEY_free */
#elif OPENSSL_VERSION_NUMBER < 0x30000000L
bne = BN_new();
rsa = RSA_new();
pkey = EVP_PKEY_new();
| | | | 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 |
if (pkey == NULL || rsa == NULL || !EVP_PKEY_assign_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
/* RSA_free(rsa); freed by EVP_PKEY_free */
#elif OPENSSL_VERSION_NUMBER < 0x30000000L
bne = BN_new();
rsa = RSA_new();
pkey = EVP_PKEY_new();
if (bne == NULL || rsa == NULL || pkey == NULL || !BN_set_word(bne,RSA_F4) ||
!RSA_generate_key_ex(rsa, keysize, bne, NULL) || !EVP_PKEY_assign_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
/* RSA_free(rsa); freed by EVP_PKEY_free */
BN_free(bne);
#else
pkey = EVP_RSA_gen((unsigned int) keysize);
ctx = EVP_PKEY_CTX_new(pkey,NULL);
if (pkey == NULL || ctx == NULL || !EVP_PKEY_keygen_init(ctx) ||
!EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, keysize) || !EVP_PKEY_keygen(ctx, &pkey)) {
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
#endif
Tcl_SetResult(interp,"Error generating private key",NULL);
return TCL_ERROR;
} else {
|
| ︙ | ︙ |
Modified tlsBIO.c from [d88dbca933] to [71885cfb41].
| ︙ | ︙ | |||
212 213 214 215 216 217 218 219 220 221 222 223 224 225 |
dprintf("Got BIO_CTRL_SET");
ret = 0;
break;
case BIO_CTRL_GET :
dprintf("Got BIO_CTRL_GET ");
ret = 0;
break;
default:
dprintf("Got unknown control command (%i)", cmd);
ret = 0;
break;
}
return(ret);
| > > > > > > > > > > > > | 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 |
dprintf("Got BIO_CTRL_SET");
ret = 0;
break;
case BIO_CTRL_GET :
dprintf("Got BIO_CTRL_GET ");
ret = 0;
break;
#ifdef BIO_CTRL_GET_KTLS_SEND
case BIO_CTRL_GET_KTLS_SEND:
dprintf("Got BIO_CTRL_GET_KTLS_SEND");
ret = 0;
break;
#endif
#ifdef BIO_CTRL_GET_KTLS_RECV
case BIO_CTRL_GET_KTLS_RECV:
dprintf("Got BIO_CTRL_GET_KTLS_RECV");
ret = 0;
break;
#endif
default:
dprintf("Got unknown control command (%i)", cmd);
ret = 0;
break;
}
return(ret);
|
| ︙ | ︙ |