Overview
Comment: | Added provider command to load non-default providers in OpenSSL 3.0 |
---|---|
SHA3-256: | b6001442d135cf12fde2acbd2332a5e3 |
User & Date: | bohagan on 2024-02-05 01:37:05 |
Context
2024-02-06
02:42 | Added provider test cases | check-in: 5a41ff9aa1 | user: bohagan | tags: crypto
2024-02-05
01:37 | Added provider command to load non-default providers in OpenSSL 3.0 | check-in: b6001442d1 | user: bohagan | tags: crypto
2024-02-04
23:25 | Code updates for gcc warnings | check-in: e58f2c78c8 | user: bohagan | tags: crypto
Changes
Modified doc/cryptography.html
from [b81dbf8537]
to [c0f7bb9ac4].
︙ | ︙ | |||
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | <dd><b>tls::digests</b> <em>?name?</em></dd> <dd><b>tls::kdfs</b></dd> <dd><b>tls::macs</b></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::cmac</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::hmac</b> <b>-digest</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::md</b> <b>-digest</b> <em>name ?options?</em></dd> <dd><b>tls::md4</b> <em>data</em></dd> <dd><b>tls::md5</b> <em>data</em></dd> <dd><b>tls::sha1</b> <em>data</em></dd> <dd><b>tls::sha256</b> <em>data</em></dd> <dd><b>tls::sha512</b> <em>data</em></dd> <dd><b>tls::unstack</b> <em>channelId</em></dd> <dt> </dt> <dd><b>tls::encrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::decrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dt> </dt> <dd><b>tls::hkdf -digest</b> <em>digest</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::pbkdf2 -size</b> <em>length</em> <b>-digest</b> <em>digest ?options?</em></dd> <dd><b>tls::scrypt -password</b> <em>string</em> <b>-salt</b> <em>string ?options?</em></dd> <dt> </dt> <dd><b>tls::random</b> <em>?</em><b>-private</b><em>? 
length</em></dd> </dl> </dd> <dd><a href="#OPTIONS">OPTIONS</a></dd> <dd><a href="#COMMANDS">COMMANDS</a></dd> <dd><a href="#GLOSSARY">GLOSSARY</a> </dd> <dd><a href="#EXAMPLES">EXAMPLES</a></dd> <dd><a href="#SPECIAL">SPECIAL CONSIDERATIONS</a></dd> | > > > > | 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | <dd><b>tls::digests</b> <em>?name?</em></dd> <dd><b>tls::kdfs</b></dd> <dd><b>tls::macs</b></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::cmac</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::digest</b> <b>-digest</b> <em>name ?options?</em></dd> <dd><b>tls::hash</b> <b>-digest</b> <em>name ?options?</em></dd> <dd><b>tls::hmac</b> <b>-digest</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::md</b> <b>-digest</b> <em>name ?options?</em></dd> <dd><b>tls::md4</b> <em>data</em></dd> <dd><b>tls::md5</b> <em>data</em></dd> <dd><b>tls::sha1</b> <em>data</em></dd> <dd><b>tls::sha256</b> <em>data</em></dd> <dd><b>tls::sha512</b> <em>data</em></dd> <dd><b>tls::unstack</b> <em>channelId</em></dd> <dt> </dt> <dd><b>tls::encrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::decrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd> <dt> </dt> <dd><b>tls::hkdf -digest</b> <em>digest</em> <b>-key</b> <em>key ?options?</em></dd> <dd><b>tls::pbkdf2 -size</b> <em>length</em> <b>-digest</b> <em>digest ?options?</em></dd> <dd><b>tls::scrypt -password</b> <em>string</em> <b>-salt</b> <em>string ?options?</em></dd> <dt> </dt> <dd><b>tls::random</b> <em>?</em><b>-private</b><em>? 
length</em></dd> <dt> </dt> <dd><b>tls::provider</b> <em>name</em></dd> </dl> </dd> <dd><a href="#OPTIONS">OPTIONS</a></dd> <dd><a href="#COMMANDS">COMMANDS</a></dd> <dd><a href="#GLOSSARY">GLOSSARY</a> </dd> <dd><a href="#EXAMPLES">EXAMPLES</a></dd> <dd><a href="#SPECIAL">SPECIAL CONSIDERATIONS</a></dd> |
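Review bot: the index now gains tls::digest and tls::hash in addition to tls::provider, but the check-in comment only mentions the provider command; either name the two new aliases in the comment or move them to their own check-in so the history stays searchable. The provider entry itself follows the existing grouping (its own <dt> </dt> spacer before <dd><b>tls::provider</b> <em>name</em></dd>), which is consistent with the blocks above it.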
︙ | ︙ | |||
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 | <a href="#tls::digests"><b>tls::digests</b> <i>?name?</i></a><br> <a href="#tls::kdfs"><b>tls::kdfs</b></a><br> <a href="#tls::macs"><b>tls::macs</b></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::cmac"><b>tls::cmac</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::hmac"><b>tls::hmac</b> <b>-digest</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::md"><b>tls::md</b> <b>-digest</b> <i>name ?options?</i></a><br> <a href="#tls::md4"><b>tls::md4</b> <i>data</i></a><br> <a href="#tls::md5"><b>tls::md5</b> <i>data</i></a><br> <a href="#tls::sha1"><b>tls::sha1</b> <i>data</i></a><br> <a href="#tls::sha256"><b>tls::sha256</b> <i>data</i></a><br> <a href="#tls::sha512"><b>tls::sha512</b> <i>data</i></a><br> <a href="#tls::unstack"><b>tls::unstack</b> <i>channelId</i></a><br> <br> <a href="#tls::encrypt"><b>tls::encrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::decrypt"><b>tls::decrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <br> <a href="#tls::hkdf"><b>tls::hkdf -digest</b> <i>digest</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::pbkdf2"><b>tls::pbkdf2 -size</b> <i>length</i> <b>-digest</b> <i>digest ?options?</i></a><br> <a href="#tls::scrypt"><b>tls::scrypt -password</b> <i>string</i> <b>-salt</b> <i>string ?options?</i></a><br> <br> <a href="#tls::random"><b>tls::random</b> <i>?</i><b>-private</b><i>? 
length</i></a><br> </p> <br> <h3><a name="OPTIONS">OPTIONS</a></h3> <p>The following options are used by the cryptography commands.</p> | > > > > | 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 | <a href="#tls::digests"><b>tls::digests</b> <i>?name?</i></a><br> <a href="#tls::kdfs"><b>tls::kdfs</b></a><br> <a href="#tls::macs"><b>tls::macs</b></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::cmac"><b>tls::cmac</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::digest"><b>tls::digest</b> <b>-digest</b> <i>name ?options?</i></a><br> <a href="#tls::hash"><b>tls::hash</b> <b>-digest</b> <i>name ?options?</i></a><br> <a href="#tls::hmac"><b>tls::hmac</b> <b>-digest</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::md"><b>tls::md</b> <b>-digest</b> <i>name ?options?</i></a><br> <a href="#tls::md4"><b>tls::md4</b> <i>data</i></a><br> <a href="#tls::md5"><b>tls::md5</b> <i>data</i></a><br> <a href="#tls::sha1"><b>tls::sha1</b> <i>data</i></a><br> <a href="#tls::sha256"><b>tls::sha256</b> <i>data</i></a><br> <a href="#tls::sha512"><b>tls::sha512</b> <i>data</i></a><br> <a href="#tls::unstack"><b>tls::unstack</b> <i>channelId</i></a><br> <br> <a href="#tls::encrypt"><b>tls::encrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::decrypt"><b>tls::decrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br> <br> <a href="#tls::hkdf"><b>tls::hkdf -digest</b> <i>digest</i> <b>-key</b> <i>key ?options?</i></a><br> <a href="#tls::pbkdf2"><b>tls::pbkdf2 -size</b> <i>length</i> <b>-digest</b> <i>digest ?options?</i></a><br> <a href="#tls::scrypt"><b>tls::scrypt -password</b> <i>string</i> <b>-salt</b> <i>string ?options?</i></a><br> <br> <a href="#tls::random"><b>tls::random</b> <i>?</i><b>-private</b><i>? 
length</i></a><br> <br> <a href="#tls::provider"><b>tls::provider</b> <i>name</i></a><br> </p> <br> <h3><a name="OPTIONS">OPTIONS</a></h3> <p>The following options are used by the cryptography commands.</p> |
︙ | ︙ | |||
406 407 408 409 410 411 412 413 414 415 416 417 418 419 | <em>?[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em> <b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt> <dd>Calculate the Cipher-based Message Authentication Code (CMAC) where <em>key</em> is a shared key and output the result per the I/O options in the specified format. MACs are used to ensure authenticity and the integrity of data. See <a href="#OPTIONS"><b>options</b></a> for usage info. Option <b>-key</b> is only used for some ciphers.</dd> <dt><a name="tls::hmac"><strong>tls::hmac</strong> <em>?</em><b>-digest</b><em>? name</em> <b>-key</b> <em>key ?</em> <b>-bin</b>|<b>-hex</b> <em>?[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em> <b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt> | > > > > > > > > | 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 | <em>?[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em> <b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt> <dd>Calculate the Cipher-based Message Authentication Code (CMAC) where <em>key</em> is a shared key and output the result per the I/O options in the specified format. MACs are used to ensure authenticity and the integrity of data. See <a href="#OPTIONS"><b>options</b></a> for usage info. Option <b>-key</b> is only used for some ciphers.</dd> <dt><a name="tls::digest"><strong>tls::digest</strong> <em>option value ...</em></a></dt> <dd>Alias for <b>tls::md</b>.</dd> <dt><a name="tls::hash"><strong>tls::hash</strong> <em>option value ...</em></a></dt> <dd>Alias for <b>tls::md</b>.</dd> <dt><a name="tls::hmac"><strong>tls::hmac</strong> <em>?</em><b>-digest</b><em>? name</em> <b>-key</b> <em>key ?</em> <b>-bin</b>|<b>-hex</b> <em>?[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em> <b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt> |
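Review bot: the two new entries give the signature as <em>option value ...</em>, while the synopsis blocks at the top of the page list tls::digest and tls::hash as <b>-digest</b> <em>name ?options?</em>, the same form as tls::md; use that form here as well (or point at the tls::md entry for the full option syntax) so the alias entries do not read as accepting an arbitrary option list. One sentence on why two aliases are being introduced would also help, since a reader will otherwise wonder whether tls::digest and tls::hash differ from tls::md in any way.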
︙ | ︙ | |||
564 565 566 567 568 569 570 571 572 573 574 575 576 577 | <em>?</em><b>-private</b><em>? length</em></a></dt> <dd>Generate <i>length</i> random bytes using a cryptographically secure pseudo random generator (CSPRNG). OpenSSL uses a security level of 256 bits. Will return an error if a trusted entropy source such as the OS isn't available. Use <b>-private</b> option if the values are intended to remain private in case the public PRNG is compromised.</dd> </dl> <br> <h3><a name="GLOSSARY">GLOSSARY</a></h3> <p>The following is a list of the terminology used in this package along with brief definitions. For more details, please consult with the OpenSSL documentation.</p> | > > > > > > > > > > > > | 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 | <em>?</em><b>-private</b><em>? length</em></a></dt> <dd>Generate <i>length</i> random bytes using a cryptographically secure pseudo random generator (CSPRNG). OpenSSL uses a security level of 256 bits. Will return an error if a trusted entropy source such as the OS isn't available. Use <b>-private</b> option if the values are intended to remain private in case the public PRNG is compromised.</dd> <br> <h4><a name="PROVIDER">Load Provider</a></h4> These commands provide access to the OpenSSL providers. <br> <br> <dt><a name="tls::provider"><strong>tls::provider</strong> <em>name</em></a></dt> <dd>Load <i>name</i> default provider. Valid provider names are: <b>default</b>, <b>base</b>, <b>fips</b>, and <b>legacy</b>. Use <b>legacy</b> to load the legacy provider ciphers, digests, etc.</dd> </dl> <br> <h3><a name="GLOSSARY">GLOSSARY</a></h3> <p>The following is a list of the terminology used in this package along with brief definitions. For more details, please consult with the OpenSSL documentation.</p> |
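Review bot: the new <h4>Load Provider</h4> heading, its introductory sentence and the two <br> tags are inserted inside the still-open <dl> (between the tls::random </dd> and the closing </dl>), where only <dt>/<dd> content belongs; close the list first and open a fresh <dl> for the tls::provider entry, the way the page already does before <h3><a name="GLOSSARY">GLOSSARY</a></h3>. The <dd> text also needs two fixes: "Load <i>name</i> default provider" reads as if the command loads the default provider and should say "Load the provider <i>name</i>"; and "Valid provider names are: default, base, fips, and legacy" is too strong, because OSSL_PROVIDER_try_load accepts any provider the loader can find (OpenSSL 3.0 also ships the null provider, and third-party providers installed in the modules directory load by name too), so "providers shipped with OpenSSL 3.0 include ..." is the accurate phrasing. Two caveats belong in this entry as well: legacy re-enables algorithms OpenSSL deliberately moved out of the default provider (MD4, RC4, DES and similar) and should be described as a compatibility measure rather than something to load routinely; and loading fips does not by itself restrict the interpreter to FIPS-approved algorithms, since the default provider remains reachable unless the application also sets the default property query to fips=yes, and the fips provider only loads when a fipsmodule.cnf produced by openssl fipsinstall is configured. Finally, state that the command exists only when the package is built against OpenSSL 3.0 or later.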
︙ | ︙ |
Modified generic/tlsInfo.c
from [981453e7ce]
to [d866fb1c06].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | /* * Information Commands Module * * Provides commands that return info related to the OpenSSL config and data. * * Copyright (C) 2023 Brian O'Hagan * */ #include "tlsInt.h" #include <openssl/crypto.h> #include <openssl/ssl.h> #include <openssl/safestack.h> /* * Valid SSL and TLS Protocol Versions */ static const char *protocols[] = { "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; | > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | /* * Information Commands Module * * Provides commands that return info related to the OpenSSL config and data. * * Copyright (C) 2023 Brian O'Hagan * */ #include "tlsInt.h" #include <openssl/crypto.h> #include <openssl/ssl.h> #include <openssl/safestack.h> #if OPENSSL_VERSION_NUMBER >= 0x30000000L #include <openssl/provider.h> #endif /* * Valid SSL and TLS Protocol Versions */ static const char *protocols[] = { "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; |
︙ | ︙ | |||
918 919 920 921 922 923 924 925 926 927 928 929 930 931 | } /*******************************************************************/ /* *------------------------------------------------------------------- * * VersionObjCmd -- * * Return a string with the OpenSSL version info. * * Results: * A standard Tcl result. * | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 | } /*******************************************************************/ /* *------------------------------------------------------------------- * * ProviderObjCmd -- * * Load a provider. * * Results: * A standard Tcl result. * * Side effects: * None. * *------------------------------------------------------------------- */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L static int ProviderObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { char *name; (void) clientData; dprintf("Called"); /* Validate arg count */ if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "provider"); return TCL_ERROR; } name = Tcl_GetStringFromObj(objv[1], NULL); if (!OSSL_PROVIDER_try_load(NULL, (const char *) name, 1)) { Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); return TCL_ERROR; } return TCL_OK; } #endif /*******************************************************************/ /* *------------------------------------------------------------------- * * VersionObjCmd -- * * Return a string with the OpenSSL version info. * * Results: * A standard Tcl result. * |
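Review bot: the header comment says "Side effects: None.", but OSSL_PROVIDER_try_load(NULL, name, 1) activates the provider in the process-wide default library context, so every interpreter and thread in the process sees the newly available algorithms; the comment should say so. Because retain_fallbacks is passed as 1, the default provider stays active after the call, which is the right choice for legacy but means that tls::provider fips on its own does not give FIPS-only operation (a fips=yes default property query is also required); a one-line comment at the call would save the next reader a trip to the OpenSSL documentation. Two smaller points: the OSSL_PROVIDER * returned by the call is discarded, so the provider can never be released with OSSL_PROVIDER_unload (acceptable if intentional, but worth stating in the comment); and Tcl_WrongNumArgs(interp, 1, objv, "provider") should read "name" to match the documented syntax, while the (const char *) cast on name is redundant since the char * from Tcl_GetStringFromObj converts implicitly.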
︙ | ︙ | |||
980 981 982 983 984 985 986 987 988 989 990 | Tcl_CreateObjCommand(interp, "tls::cipher", CipherObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::kdfs", KdfsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::pkeys", PkeysObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); return TCL_OK; } | > > > | 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 | Tcl_CreateObjCommand(interp, "tls::cipher", CipherObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::kdfs", KdfsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::pkeys", PkeysObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); #if OPENSSL_VERSION_NUMBER >= 0x30000000L Tcl_CreateObjCommand(interp, "tls::provider", ProviderObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); #endif Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) 
NULL); return TCL_OK; } |
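Review bot: because the Tcl_CreateObjCommand for tls::provider is compiled out below OpenSSL 3.0, a script that runs tls::provider legacy against a 1.1.x build fails with Tcl's generic "invalid command name" error; either register a stub outside the #if that returns a clear message such as "tls::provider requires OpenSSL 3.0 or later", or document that scripts must check [info commands tls::provider] before using it.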