Check-in [bf7f82b5e8]
Overview
Comment:Updated to support a deterministic mode
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1-7
Files: files | file ages | folders
SHA1: bf7f82b5e82c3c4173fb9add2d6cdd9acd74e2dc
User & Date: rkeene on 2016-12-01 21:51:55
Other Links: branch diff | manifest | tags
Context
2016-12-02
16:09
Minor cleanup of global variables and void function check-in: ee18d6c91e user: rkeene tags: tls-1-7
2016-12-01
21:51
Updated to support a deterministic mode check-in: bf7f82b5e8 user: rkeene tags: tls-1-7
21:36
Updated to generate DH parameters more dynamically check-in: 3d5e70d1d5 user: rkeene tags: tls-1-7
Changes

Modified Makefile.in from [e516302d1e] to [d6e6218bd6].

33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# this extension
@srcdir@/tls.tcl.h: @srcdir@/tls.tcl
	xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new'
	mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h'

# Create default DH parameters
dh_params.h: @srcdir@/gen_dh_params
	@srcdir@/gen_dh_params > dh_params.h.new
	mv dh_params.h.new dh_params.h

# Generic target for building files from the "srcdir"
# tree -- the default target will not match paths
%.o: @srcdir@/%.c
	$(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"








|







33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# this extension
@srcdir@/tls.tcl.h: @srcdir@/tls.tcl
	xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new'
	mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h'

# Create default DH parameters
dh_params.h: @srcdir@/gen_dh_params
	@srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new
	mv dh_params.h.new dh_params.h

# Generic target for building files from the "srcdir"
# tree -- the default target will not match paths
%.o: @srcdir@/%.c
	$(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"

Modified configure.in from [0ba49b2843] to [92ab7478f3].

40
41
42
43
44
45
46













47
48
49
50
51
52
53
	fi

	tcltls_ssl_lib="$withval"
], [
	tcltls_ssl_lib='auto'
])















AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])

dnl XXX:TODO: Automatically determine the SSL library to use
dnl           defaulting to OpenSSL for compatibility reasons
if test "$tcltls_ssl_lib" = 'auto'; then
	tcltls_ssl_lib='openssl'







>
>
>
>
>
>
>
>
>
>
>
>
>







40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
	fi

	tcltls_ssl_lib="$withval"
], [
	tcltls_ssl_lib='auto'
])

dnl Enable support for building the same library every time
tcltls_deterministic='false'
AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [
	if test "$enableval" = "yes"; then
		tcltls_deterministic='true'
	fi
])
if test "$tcltls_deterministic" = 'true'; then
	GEN_DH_PARAMS_ARGS='fallback'
else
	GEN_DH_PARAMS_ARGS=''
fi
AC_SUBST(GEN_DH_PARAMS_ARGS)

AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])

dnl XXX:TODO: Automatically determine the SSL library to use
dnl           defaulting to OpenSSL for compatibility reasons
if test "$tcltls_ssl_lib" = 'auto'; then
	tcltls_ssl_lib='openssl'

Modified gen_dh_params from [a7290cba5e] to [121b16da7e].

76
77
78
79
80
81
82







83
84
85
86
87
88
	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	if ((dh->p == NULL) || (dh->g == NULL))
		{ DH_free(dh); return(NULL); }
	return(dh);
	}
_EOF_
}








gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0

exit 1







>
>
>
>
>
>
>






76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	if ((dh->p == NULL) || (dh->g == NULL))
		{ DH_free(dh); return(NULL); }
	return(dh);
	}
_EOF_
}

# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
	gen_dh_params_fallback && exit 0

	exit 1
fi

gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0

exit 1