Check-in [bd8b53ced2]
Bounty program for improvements to Tcl and certain Tcl packages.
Tcl 2019 Conference, Houston/TX, US, Nov 4-8
Send your abstracts to [email protected]
or submit via the online form by Sep 9.

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Try to find headers in a specific path and do not allow "mp_int"/"mp_digit" to conflict with other things
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | x-header-work
Files: files | file ages | folders
SHA3-256: bd8b53ced2d7762d7960e0a9c7a959cdd2fe8e994f1ab3bcc2005dc8c1163dd4
User & Date: rkeene 2019-05-29 18:52:18
Context
2019-05-29
18:52
Try to find headers in a specific path and do not allow "mp_int"/"mp_digit" to conflict with other things Leaf check-in: bd8b53ced2 user: rkeene tags: x-header-work
2019-04-25
16:51
TclTLS 1.7.18 check-in: fb6a7404da user: rkeene tags: tls-1-7, tls-1-7-18
Changes

Changes to aclocal/tcltls_openssl.m4.

11
12
13
14
15
16
17





18
19
20
21
22
23
24
25
26
27
28
..
79
80
81
82
83
84
85



86
87
88
89
90
91
92
...
110
111
112
113
114
115
116




117
118
119
120
121
122
123
...
162
163
164
165
166
167
168





169
170
171
172
173
174
175
176
177
178
179
...
190
191
192
193
194
195
196





197
198
199
200
201
202
203
204
205
206
			AC_CHECK_FUNC($2,, [
				proto_check='false'
			])
		], [
			AC_LANG_PUSH(C)
			AC_MSG_CHECKING([for $3 protocol support])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([





#include <openssl/ssl.h>
#include <openssl/opensslv.h>
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
			], [
int x = $5;
			])], [
				AC_MSG_RESULT([yes])
			], [
				AC_MSG_RESULT([no])
................................................................................
		if test -e "$openssldir/libssl.$SHOBJEXT"; then
			TCLTLS_SSL_LIBS="-L$openssldir -lssl -lcrypto"
			openssldir="`AS_DIRNAME(["$openssldir"])`"
		else
			TCLTLS_SSL_LIBS="-L$openssldir/lib -lssl -lcrypto"
		fi
		TCLTLS_SSL_CFLAGS="-I$openssldir/include"



		TCLTLS_SSL_CPPFLAGS="-I$openssldir/include"
	fi

	pkgConfigExtraArgs=''
	if test "$TCLEXT_BUILD" = "static" -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
		pkgConfigExtraArgs='--static'
	fi
................................................................................
		TCLTLS_SSL_LIBS="`"${PKGCONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CFLAGS"; then
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])




	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"

	if test "$TCLEXT_BUILD" = "static"; then
		dnl If we are doing a static build, save the linker flags for other programs to consume
		rm -f tcltls.a.linkadd
		AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.a.linkadd
................................................................................
	CFLAGS="${TCLTLS_SSL_CFLAGS} ${SAVE_CFLAGS} ${TCLTLS_SSL_CFLAGS}"
	CPPFLAGS="${TCLTLS_SSL_CPPFLAGS} ${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"

	dnl Verify that basic functionality is there
	AC_LANG_PUSH(C)
	AC_MSG_CHECKING([if a basic OpenSSL program works])
	AC_LINK_IFELSE([AC_LANG_PROGRAM([





#include <openssl/ssl.h>
#include <openssl/opensslv.h>
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
		], [
  SSL_library_init();
  SSL_load_error_strings();
		])], [
		AC_MSG_RESULT([yes])
	], [
................................................................................
	TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2])
	TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_3], [], [tlsv1.3], [NO_TLS1_3], [SSL_OP_NO_TLSv1_3])

	AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [
		AC_LANG_PUSH(C)
		AC_MSG_CHECKING([for SSL_set_tlsext_host_name])
		AC_LINK_IFELSE([AC_LANG_PROGRAM([





#include <openssl/ssl.h>
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
			], [
  (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0);
			])], [
			AC_MSG_RESULT([yes])
			tcltls_cv_func_tlsext_hostname='yes'
		], [






>
>
>
>
>
|
|

|







 







>
>
>







 







>
>
>
>







 







>
>
>
>
>
|
|

|







 







>
>
>
>
>
|

|







11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
..
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
...
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
...
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
...
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
			AC_CHECK_FUNC($2,, [
				proto_check='false'
			])
		], [
			AC_LANG_PUSH(C)
			AC_MSG_CHECKING([for $3 protocol support])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#ifdef OPENSSL_HEADER_PREFIX
#  define OPENSSL_HEADER(header) <OPENSSL_HEADER_PREFIX/header>
#else
#  define OPENSSL_HEADER(header) <header>
#endif
#include OPENSSL_HEADER(openssl/ssl.h)
#include OPENSSL_HEADER(openssl/opensslv.h)
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include OPENSSL_HEADER(openssl/conf.h)
#endif
			], [
int x = $5;
			])], [
				AC_MSG_RESULT([yes])
			], [
				AC_MSG_RESULT([no])
................................................................................
		if test -e "$openssldir/libssl.$SHOBJEXT"; then
			TCLTLS_SSL_LIBS="-L$openssldir -lssl -lcrypto"
			openssldir="`AS_DIRNAME(["$openssldir"])`"
		else
			TCLTLS_SSL_LIBS="-L$openssldir/lib -lssl -lcrypto"
		fi
		TCLTLS_SSL_CFLAGS="-I$openssldir/include"
		if test -n "$openssldir"; then
			AC_DEFINE_UNQUOTED(OPENSSL_HEADER_PREFIX, [$openssldir/include], [Path to OpenSSL headers])
		fi
		TCLTLS_SSL_CPPFLAGS="-I$openssldir/include"
	fi

	pkgConfigExtraArgs=''
	if test "$TCLEXT_BUILD" = "static" -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
		pkgConfigExtraArgs='--static'
	fi
................................................................................
		TCLTLS_SSL_LIBS="`"${PKGCONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CFLAGS"; then
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
		opensslincdir="$(echo "${TCLTLS_SSL_CPPFLAGS}" | sed '[email protected]^.*[email protected]@')"
		if test -n "$opensslincdir"; then
			AC_DEFINE_UNQUOTED(OPENSSL_HEADER_PREFIX, [$opensslincdir], [Path to OpenSSL headers])
		fi
	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"

	if test "$TCLEXT_BUILD" = "static"; then
		dnl If we are doing a static build, save the linker flags for other programs to consume
		rm -f tcltls.a.linkadd
		AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.a.linkadd
................................................................................
	CFLAGS="${TCLTLS_SSL_CFLAGS} ${SAVE_CFLAGS} ${TCLTLS_SSL_CFLAGS}"
	CPPFLAGS="${TCLTLS_SSL_CPPFLAGS} ${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"

	dnl Verify that basic functionality is there
	AC_LANG_PUSH(C)
	AC_MSG_CHECKING([if a basic OpenSSL program works])
	AC_LINK_IFELSE([AC_LANG_PROGRAM([
#ifdef OPENSSL_HEADER_PREFIX
#  define OPENSSL_HEADER(header) <OPENSSL_HEADER_PREFIX/header>
#else
#  define OPENSSL_HEADER(header) <header>
#endif
#include OPENSSL_HEADER(openssl/ssl.h)
#include OPENSSL_HEADER(openssl/opensslv.h)
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include OPENSSL_HEADER(openssl/conf.h)
#endif
		], [
  SSL_library_init();
  SSL_load_error_strings();
		])], [
		AC_MSG_RESULT([yes])
	], [
................................................................................
	TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2])
	TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_3], [], [tlsv1.3], [NO_TLS1_3], [SSL_OP_NO_TLSv1_3])

	AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [
		AC_LANG_PUSH(C)
		AC_MSG_CHECKING([for SSL_set_tlsext_host_name])
		AC_LINK_IFELSE([AC_LANG_PROGRAM([
#ifdef OPENSSL_HEADER_PREFIX
#  define OPENSSL_HEADER(header) <OPENSSL_HEADER_PREFIX/header>
#else
#  define OPENSSL_HEADER(header) <header>
#endif
#include OPENSSL_HEADER(openssl/ssl.h)
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include OPENSSL_HEADER(openssl/conf.h)
#endif
			], [
  (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0);
			])], [
			AC_MSG_RESULT([yes])
			tcltls_cv_func_tlsext_hostname='yes'
		], [

Changes to tls.c.

104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
 * Thread-Safe TLS Code
 */

#ifdef TCL_THREADS
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>

#ifdef OPENSSL_THREADS
#include <openssl/crypto.h>

/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */

static Tcl_Mutex *locks = NULL;






|


|







104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
 * Thread-Safe TLS Code
 */

#ifdef TCL_THREADS
#define OPENSSL_THREAD_DEFINES
#include OPENSSL_HEADER(openssl/opensslconf.h)

#ifdef OPENSSL_THREADS
#include OPENSSL_HEADER(openssl/crypto.h)

/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */

static Tcl_Mutex *locks = NULL;

Changes to tls.h.

14
15
16
17
18
19
20


21


22
23
24
25
26
27
28
29
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */
#ifndef _TLS_H
#define _TLS_H



#include <tcl.h>



/*
 * Initialization routines -- our entire public C API.
 */
int Tls_Init(Tcl_Interp *interp);
int Tls_SafeInit(Tcl_Interp *interp);

#endif /* _TLS_H */






>
>

>
>








14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */
#ifndef _TLS_H
#define _TLS_H

#define mp_digit __TCL_MP_DIGIT
#define mp_int   __TCL_MP_INT
#include <tcl.h>
#undef mp_digit
#undef mp_int

/*
 * Initialization routines -- our entire public C API.
 */
int Tls_Init(Tcl_Interp *interp);
int Tls_SafeInit(Tcl_Interp *interp);

#endif /* _TLS_H */

Changes to tlsInt.h.

18
19
20
21
22
23
24






25
26
27
28
29
30
31
..
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#ifndef _TLSINT_H
#define _TLSINT_H

#include "tls.h"
#include <errno.h>
#include <string.h>
#include <stdint.h>







#ifdef __WIN32__
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h> /* OpenSSL needs this on Windows */
#endif

................................................................................
#  define NO_RC5
#  define NO_RSA
#  ifndef NO_SSL2
#    define NO_SSL2
#  endif
#endif

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/opensslv.h>

/*
 * Determine if we should use the pre-OpenSSL 1.1.0 API
 */
#undef TCLTLS_OPENSSL_PRE_1_1
#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < 0x10100000L
#  define TCLTLS_OPENSSL_PRE_1_1_API 1






>
>
>
>
>
>







 







|
|
|
|







18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
..
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#ifndef _TLSINT_H
#define _TLSINT_H

#include "tls.h"
#include <errno.h>
#include <string.h>
#include <stdint.h>

#ifdef OPENSSL_HEADER_PREFIX
#  define OPENSSL_HEADER(header) <OPENSSL_HEADER_PREFIX/header>
#else
#  define OPENSSL_HEADER(header) <header>
#endif

#ifdef __WIN32__
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h> /* OpenSSL needs this on Windows */
#endif

................................................................................
#  define NO_RC5
#  define NO_RSA
#  ifndef NO_SSL2
#    define NO_SSL2
#  endif
#endif

#include OPENSSL_HEADER(openssl/ssl.h)
#include OPENSSL_HEADER(openssl/err.h)
#include OPENSSL_HEADER(openssl/rand.h)
#include OPENSSL_HEADER(openssl/opensslv.h)

/*
 * Determine if we should use the pre-OpenSSL 1.1.0 API
 */
#undef TCLTLS_OPENSSL_PRE_1_1
#if (defined(LIBRESSL_VERSION_NUMBER)) || OPENSSL_VERSION_NUMBER < 0x10100000L
#  define TCLTLS_OPENSSL_PRE_1_1_API 1