Overview
Comment: | Digest optimizations to delay conversion to OpenSSL types to initialization procedure. Add MAC info and incomplete Pkey info functions. |
---|---|
SHA3-256: |
d93493f3207796d74e79c64e5e607a7c |
User & Date: | bohagan on 2023-12-08 03:03:26 |
Context
2023-12-10
| ||
05:55 | Refactored tlsInfo.c file to clear errors, use Obj in var names, and pass name as object instead of string. Split cipher command from its info function. check-in: d7ab5a4ae1 user: bohagan tags: crypto | |
2023-12-08
| ||
03:03 | Digest optimizations to delay conversion to OpenSSL types to initialization procedure. Add MAC info and incomplete Pkey info functions. check-in: d93493f320 user: bohagan tags: crypto | |
2023-12-04
| ||
03:56 | Split list operations into separate functions to make it easier for OpenSSL 3.0 changes. Added pkey list function. Added mac info and pkey info placeholder functions. More checks for NULL pointers. Moved legacy load ciphers and digest to init routine. check-in: 9e6e94200c user: bohagan tags: crypto | |
Changes
Modified generic/tlsDigest.c from [3c7733f450] to [65509e5caa].
︙ | ︙ | |||
30 31 32 33 34 35 36 | #define HEX_FORMAT 0x02 #define IS_XOF 0x08 #define TYPE_MD 0x10 #define TYPE_HMAC 0x20 #define TYPE_CMAC 0x40 #define TYPE_MAC 0x80 | < < < < | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | #define HEX_FORMAT 0x02 #define IS_XOF 0x08 #define TYPE_MD 0x10 #define TYPE_HMAC 0x20 #define TYPE_CMAC 0x40 #define TYPE_MAC 0x80 /*******************************************************************/ /* * This structure defines the per-instance state of a digest operation. */ typedef struct DigestState { Tcl_Channel self; /* This socket channel */ |
︙ | ︙ | |||
147 148 149 150 151 152 153 | * to error message. * * Side effects: * No result or error message * *------------------------------------------------------------------- */ | | | | > > > | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 | * to error message. * * Side effects: * No result or error message * *------------------------------------------------------------------- */ int DigestInitialize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *macObj) { int key_len = 0, type = statePtr->format & 0xFF0; const char *digestName = NULL, *cipherName = NULL, *macName = NULL; const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; const unsigned char *key = NULL; dprintf("Called"); /* Create contexts */ switch(type) { case TYPE_MD: statePtr->ctx = EVP_MD_CTX_new(); res = (statePtr->ctx != NULL); break; case TYPE_HMAC: statePtr->hctx = HMAC_CTX_new(); res = (statePtr->hctx != NULL); break; case TYPE_CMAC: statePtr->cctx = CMAC_CTX_new(); res = (statePtr->cctx != NULL); break; } if (!res) { Tcl_AppendResult(interp, "Create context failed", NULL); return TCL_ERROR; } /* Get MAC */ if (macObj != NULL) { macName = Tcl_GetStringFromObj(macObj, NULL); if (strcmp(macName, "cmac") == 0) { type = TYPE_CMAC; } else if (strcmp(macName, "hmac") == 0) { type = TYPE_HMAC; } else { Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL); return TCL_ERROR; } } else if (type == TYPE_MAC) { Tcl_AppendResult(interp, "No MAC specified", NULL); return TCL_ERROR; } /* Get digest */ if 
(digestObj != NULL) { digestName = Tcl_GetStringFromObj(digestObj, NULL); md = EVP_get_digestbyname(digestName); if (md == NULL) { Tcl_AppendResult(interp, "Invalid digest \"", digestName, "\"", NULL); return TCL_ERROR; } else if (md == EVP_shake128() || md == EVP_shake256()) { statePtr->format |= IS_XOF; } } else if (type != TYPE_CMAC) { Tcl_AppendResult(interp, "No digest specified", NULL); return TCL_ERROR; } /* Get cipher */ if (cipherObj != NULL) { cipherName = Tcl_GetStringFromObj(cipherObj, NULL); cipher = EVP_get_cipherbyname(cipherName); if (cipher == NULL) { Tcl_AppendResult(interp, "Invalid cipher \"", cipherName, "\"", NULL); return TCL_ERROR; } } else if (type == TYPE_CMAC) { Tcl_AppendResult(interp, "No cipher specified", NULL); return TCL_ERROR; } /* Get key */ if (keyObj != NULL) { key = Tcl_GetByteArrayFromObj(keyObj, &key_len); } else if (type != TYPE_MD) { Tcl_AppendResult(interp, "No key specified", NULL); return TCL_ERROR; } /* Initialize cryptography function */ switch(type) { case TYPE_MD: res = EVP_DigestInit_ex(statePtr->ctx, md, NULL); break; case TYPE_HMAC: res = HMAC_Init_ex(statePtr->hctx, (const void *) key, key_len, md, NULL); break; case TYPE_CMAC: |
︙ | ︙ | |||
760 761 762 763 764 765 766 | * TCL_OK or TCL_ERROR * * Side effects: * Adds transform to channel and sets result to channel id or error message. * *---------------------------------------------------------------------- */ | | | | 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 | * TCL_OK or TCL_ERROR * * Side effects: * Adds transform to channel and sets result to channel id or error message. * *---------------------------------------------------------------------- */ static int DigestChannelHandler(Tcl_Interp *interp, const char *channel, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) { int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */ Tcl_Channel chan; DigestState *statePtr; dprintf("Called"); /* Validate args */ |
︙ | ︙ | |||
797 798 799 800 801 802 803 | Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } statePtr->self = chan; statePtr->mode = mode; /* Initialize hash function */ | | > | 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 | Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } statePtr->self = chan; statePtr->mode = mode; /* Initialize hash function */ if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK) { DigestStateFree(statePtr); return TCL_ERROR; } /* Stack channel */ statePtr->self = Tcl_StackChannel(interp, &digestChannelType, (ClientData) statePtr, mode, chan); if (statePtr->self == (Tcl_Channel) NULL) { DigestStateFree(statePtr); |
︙ | ︙ | |||
963 964 965 966 967 968 969 | * TCL_OK or TCL_ERROR * * Side effects: * Creates command or error message * *------------------------------------------------------------------- */ | | | | > > > > | 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 | * TCL_OK or TCL_ERROR * * Side effects: * Creates command or error message * *------------------------------------------------------------------- */ int DigestCommandHandler(Tcl_Interp *interp, Tcl_Obj *cmdObj, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) { DigestState *statePtr; char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL); dprintf("Called"); /* Create state data structure */ if ((statePtr = DigestStateNew(interp, format)) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Initialize hash function */ if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK) { return TCL_ERROR; } /* Create instance command */ statePtr->token = Tcl_CreateObjCommand(interp, cmdName, DigestInstanceObjCmd, (ClientData) statePtr, DigestCommandDeleteHandler); if (statePtr->token == NULL) { DigestStateFree(statePtr); return TCL_ERROR; } /* Return command name */ Tcl_SetObjResult(interp, cmdObj); return TCL_OK; } |
︙ | ︙ | |||
1008 1009 1010 1011 1012 1013 1014 | * TCL_OK or TCL_ERROR * * Side effects: * Sets result to message digest or error message * *------------------------------------------------------------------- */ | | | | | 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 | * TCL_OK or TCL_ERROR * * Side effects: * Sets result to message digest or error message * *------------------------------------------------------------------- */ int DigestDataHandler(Tcl_Interp *interp, Tcl_Obj *dataObj, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) { char *data; int data_len; DigestState *statePtr; dprintf("Called"); /* Get data */ data = Tcl_GetByteArrayFromObj(dataObj, &data_len); if (data == NULL) { Tcl_SetResult(interp, "No data", NULL); return TCL_ERROR; } /* Create state data structure */ if ((statePtr = DigestStateNew(interp, format)) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); return TCL_ERROR; } /* Calc Digest */ if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK || DigestUpdate(statePtr, data, (size_t) data_len, 1) != TCL_OK || DigestFinalize(interp, statePtr, NULL) != TCL_OK) { DigestStateFree(statePtr); return TCL_ERROR; } /* Clean-up */ |
︙ | ︙ | |||
1059 1060 1061 1062 1063 1064 1065 | * TCL_OK or TCL_ERROR * * Side effects: * Result is message digest or error message * *------------------------------------------------------------------- */ | | | | 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 | * TCL_OK or TCL_ERROR * * Side effects: * Result is message digest or error message * *------------------------------------------------------------------- */ int DigestFileHandler(Tcl_Interp *interp, Tcl_Obj *inFileObj, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) { DigestState *statePtr; Tcl_Channel chan = NULL; unsigned char buf[BUFFER_SIZE]; int res = TCL_OK, len; dprintf("Called"); |
︙ | ︙ | |||
1088 1089 1090 1091 1092 1093 1094 | /* Configure channel */ if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) != TCL_OK) { goto done; } Tcl_SetChannelBufferSize(chan, BUFFER_SIZE); /* Initialize hash function */ | | | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 | /* Configure channel */ if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) != TCL_OK) { goto done; } Tcl_SetChannelBufferSize(chan, BUFFER_SIZE); /* Initialize hash function */ if ((res = DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj)) != TCL_OK) { goto done; } /* Read file data and update hash function */ while (!Tcl_Eof(chan)) { len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE); if (len > 0) { if ((res = DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) != TCL_OK) { goto done; } } } /* Finalize hash function and calculate message digest */ res = DigestFinalize(interp, statePtr, NULL); done: /* Close channel */ if (Tcl_Close(interp, chan) == TCL_ERROR) { res = TCL_ERROR; } /* Clean-up */ DigestStateFree(statePtr); return res; } /*******************************************************************/ /* *------------------------------------------------------------------- * * DigestMain -- * |
︙ | ︙ | |||
1253 1254 1255 1256 1257 1258 1259 | *------------------------------------------------------------------- */ static int DigestMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { int idx, start = 1, format = HEX_FORMAT, res = TCL_OK; Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL; Tcl_Obj *fileObj = NULL, *keyObj = NULL, *macObj = NULL; const char *channel = NULL, *opt; | < < < | 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 | *------------------------------------------------------------------- */ static int DigestMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { int idx, start = 1, format = HEX_FORMAT, res = TCL_OK; Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL; Tcl_Obj *fileObj = NULL, *keyObj = NULL, *macObj = NULL; const char *channel = NULL, *opt; dprintf("Called"); /* Clear interp result */ Tcl_ResetResult(interp); /* Validate arg count */ |
︙ | ︙ | |||
1315 1316 1317 1318 1319 1320 1321 | } /* If only 1 arg left, it's the data */ if (idx < objc && dataObj == NULL) { dataObj = objv[idx]; } | | | < < < | < < < < < < < < < | < < < | < < < < | < < < | < < < < < < < < < < < | | | | | 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 | } /* If only 1 arg left, it's the data */ if (idx < objc && dataObj == NULL) { dataObj = objv[idx]; } /* Check types */ if (type == TYPE_MD && cipherObj != NULL) { type = TYPE_CMAC; } else if (type == TYPE_MD && keyObj != NULL) { type = TYPE_HMAC; } /* Calc digest on file, stacked channel, using instance command, or data blob */ if (fileObj != NULL) { res = DigestFileHandler(interp, fileObj, digestObj, cipherObj, format | type, keyObj, macObj); } else if (channel != NULL) { res = DigestChannelHandler(interp, channel, digestObj, cipherObj, format | type, keyObj, macObj); } else if (cmdObj != NULL) { res = DigestCommandHandler(interp, cmdObj, digestObj, cipherObj, format | type, keyObj, macObj); } else if (dataObj != NULL) { res = DigestDataHandler(interp, dataObj, digestObj, cipherObj, format | type, keyObj, macObj); } else { Tcl_AppendResult(interp, "No operation specified: Use -channel, -command, -data, or -file option", NULL); res = TCL_ERROR; } return res; } |
︙ | ︙ |
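Review bot: In DigestInitialize the contexts are created from `type` before the "Get MAC" block can change `type`, and the first `switch(type)` has no case for TYPE_MAC, so a call that arrives as TYPE_MAC with macObj naming "hmac" (or as TYPE_CMAC from DigestMain with macObj naming "hmac") reaches `HMAC_Init_ex(statePtr->hctx, ...)` with a context this function never allocated, unless DigestStateNew, which is not shown, allocates it. In the TYPE_MAC case that switch also never assigns `res` before `if (!res)` tests it, and no declaration or initializer for `res` is visible in this section. Moving the "Get MAC" block above "Create contexts" and adding `default: res = 0; break;` to the first switch would make the allocated context match the one that is later initialised; the function body continues past the end of this hunk, so the CMAC branch should be checked the same way. Separately, DigestCommandHandler returns on a failed DigestInitialize without releasing the state obtained from DigestStateNew, unlike the channel, data and file handlers; `DigestStateFree(statePtr);` belongs before that `return TCL_ERROR;`.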
Modified generic/tlsInfo.c from [e2ea39ef40] to [95753c0faa].
︙ | ︙ | |||
391 392 393 394 395 396 397 398 | * * Side effects: * None. * *------------------------------------------------------------------- */ int DigestInfo(Tcl_Interp *interp, char *digestName) { Tcl_Obj *objPtr, *listPtr; | > < > > > | 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 | * * Side effects: * None. * *------------------------------------------------------------------- */ int DigestInfo(Tcl_Interp *interp, char *digestName) { EVP_MD *md; Tcl_Obj *objPtr, *listPtr; unsigned long flags; /* Get message digest */ md = EVP_get_digestbyname(digestName); if (md == NULL) { Tcl_AppendResult(interp, "Invalid digest \"", digestName, "\"", NULL); return TCL_ERROR; } /* Get properties */ objPtr = Tcl_NewListObj(0, NULL); |
︙ | ︙ | |||
505 506 507 508 509 510 511 | * * Side effects: * None. * *------------------------------------------------------------------- */ int MacInfo(Tcl_Interp *interp, char *macName) { | > > > > > > > > > > > > > > > | | 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 | * * Side effects: * None. * *------------------------------------------------------------------- */ int MacInfo(Tcl_Interp *interp, char *macName) { if (strcmp(macName, "cmac") != 0 && strcmp(macName, "hmac") != 0) { Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL); return TCL_ERROR; } /* Get properties */ objPtr = Tcl_NewListObj(0, NULL); if (objPtr == NULL) { return TCL_ERROR; } LAPPEND_STR(interp, objPtr, "name", macName, -1); LAPPEND_STR(interp, objPtr, "description", "", -1); LAPPEND_STR(interp, objPtr, "provider", "", -1); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- * * MacList -- * |
︙ | ︙ | |||
590 591 592 593 594 595 596 | * * Side effects: * None. * *------------------------------------------------------------------- */ int PkeyInfo(Tcl_Interp *interp, char *pkeyName) { | > > > > > > > > > > > > > > > > > > > > > > > > > | | 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 | * * Side effects: * None. * *------------------------------------------------------------------- */ int PkeyInfo(Tcl_Interp *interp, char *pkeyName) { Tcl_Obj *objPtr; EVP_PKEY *pkey = NULL; /* In work */ if (pkey == NULL) { Tcl_AppendResult(interp, "Invalid public key method \"", pkeyName, "\"", NULL); return TCL_ERROR; } /* Get properties */ objPtr = Tcl_NewListObj(0, NULL); if (objPtr == NULL) { return TCL_ERROR; } LAPPEND_STR(interp, objPtr, "name", OBJ_nid2ln(EVP_PKEY_id(pkey)), -1); LAPPEND_STR(interp, objPtr, "description", "", -1); LAPPEND_STR(interp, objPtr, "baseId", OBJ_nid2ln(EVP_PKEY_base_id(pkey)), -1); LAPPEND_STR(interp, objPtr, "provider", "", -1); LAPPEND_STR(interp, objPtr, "type", OBJ_nid2ln(EVP_PKEY_type(EVP_PKEY_id(pkey))), -1); LAPPEND_INT(interp, objPtr, "size", EVP_PKEY_size(pkey)); LAPPEND_INT(interp, objPtr, "bits", EVP_PKEY_bits(pkey)); LAPPEND_INT(interp, objPtr, "security_bits", EVP_PKEY_security_bits(pkey)); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- * * PkeyList -- * |
︙ | ︙ |
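Review bot: MacInfo assigns and reads `objPtr` (`objPtr = Tcl_NewListObj(0, NULL);`), but no declaration of it appears among the lines added to that function as rendered here, whereas PkeyInfo adds `Tcl_Obj *objPtr;` for the same pattern; unless a file-scope declaration exists outside this view, add `Tcl_Obj *objPtr;` at the top of MacInfo. In DigestInfo, `EVP_MD *md;` receives the result of EVP_get_digestbyname, which returns a pointer to const, so the declaration should be `const EVP_MD *md;`, as DigestInitialize in tlsDigest.c already writes it.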