Changes In Branch openssl-1.1 Through [2ed4afb942] Excluding Merge-Ins
This is equivalent to a diff from 0409513536 to 2ed4afb942
2016-12-08
| ||
07:37 | Integrated OpenSSL 1.1 patches check-in: a23ed6f309 user: rkeene tags: trunk | |
07:32 | Do not try to set memory functions -- prototype is broken in newer version and older versions have bugs related to it check-in: bbe273b3dc user: rkeene tags: openssl-1.1 | |
07:25 | Whitspace formatting changes check-in: 2ed4afb942 user: rkeene tags: openssl-1.1 | |
07:08 | Updated fallback DH params for OpenSSL, supporting OpenSSL 1.1 and older versions check-in: bc2460fc22 user: rkeene tags: openssl-1.1 | |
06:33 | Create new branch named "openssl-1.1" check-in: 6a78084630 user: rkeene tags: openssl-1.1 | |
04:26 | Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk | |
04:24 | Updated to remove comment from rendered HTML in documentation check-in: ea2c60a999 user: rkeene tags: tls-1-7 | |
2016-11-22
| ||
21:43 | Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk | |
Modified aclocal/tcltls_openssl.m4 from [1d5f994f6e] to [1d21ae0afb].
︙ | ︙ | |||
115 116 117 118 119 120 121 122 123 124 125 | CPPFLAGS="${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}" dnl Verify that basic functionality is there AC_LANG_PUSH(C) AC_MSG_CHECKING([if a basic OpenSSL program works]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include <openssl/ssl.h> #if (SSLEAY_VERSION_NUMBER >= 0x0907000L) # include <openssl/conf.h> #endif ], [ | > > | > > > < | 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 | CPPFLAGS="${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}" dnl Verify that basic functionality is there AC_LANG_PUSH(C) AC_MSG_CHECKING([if a basic OpenSSL program works]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include <openssl/ssl.h> #include <openssl/opensslv.h> #if (SSLEAY_VERSION_NUMBER >= 0x0907000L) # include <openssl/conf.h> #endif ], [ #if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); #else OPENSSL_init_ssl(0, NULL); #endif SSL_load_error_strings(); ])], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) ]) AC_LANG_POP([C]) |
︙ | ︙ |
Modified gen_dh_params from [d60a4dc243] to [c6f609976c].
︙ | ︙ | |||
33 34 35 36 37 38 39 | fi return 1 } gen_dh_params_fallback() { cat << \_EOF_ | | < | | 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | fi return 1 } gen_dh_params_fallback() { cat << \_EOF_ DH *get_dh2048(void) { static unsigned char dhp_2048[] = { 0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F, 0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86, 0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF, 0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84, 0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D, 0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98, 0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1, |
︙ | ︙ | |||
58 59 60 61 62 63 64 | 0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06, 0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E, 0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B, 0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62, 0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62, 0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69, 0xF4,0x54,0xB5,0x5B, | | | | > | > | > > | > > | > > > | > > > > > > > | > > | | 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 | 0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06, 0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E, 0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B, 0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62, 0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62, 0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69, 0xF4,0x54,0xB5,0x5B, }; static unsigned char dhg_2048[] = { 0x02, }; DH *dh = DH_new();; BIGNUM *dhp_bn, *dhg_bn; if (dh == NULL) { return NULL; } dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL); dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL); #if OPENSSL_VERSION_NUMBER < 0x10100000L dh->p = dhp_bn; dh->g = dhg_bn; if (dhp_bn == NULL || dhg_bn == NULL) { #else if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { #endif DH_free(dh); BN_free(dhp_bn); BN_free(dhg_bn); return(NULL); } return(dh); } _EOF_ } # Enable support for giving the same DH params each time if [ "$1" = 'fallback' ]; then gen_dh_params_fallback && exit 0 |
︙ | ︙ |
Modified tls.c from [9b5d593b52] to [1ee30f1327].
︙ | ︙ | |||
119 120 121 122 123 124 125 126 127 128 129 130 131 132 | #include <openssl/crypto.h> /* * Threaded operation requires locking callbacks * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL. */ static Tcl_Mutex locks[CRYPTO_NUM_LOCKS]; static Tcl_Mutex init_mx; static void CryptoThreadLockCallback (int mode, int n, const char *file, int line); static unsigned long CryptoThreadIdCallback (void); static void | > > > | 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 | #include <openssl/crypto.h> /* * Threaded operation requires locking callbacks * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL. */ #ifndef CRYPTO_NUM_LOCKS #define CRYPTO_NUM_LOCKS 128 #endif static Tcl_Mutex locks[CRYPTO_NUM_LOCKS]; static Tcl_Mutex init_mx; static void CryptoThreadLockCallback (int mode, int n, const char *file, int line); static unsigned long CryptoThreadIdCallback (void); static void |
︙ | ︙ | |||
260 261 262 263 264 265 266 | */ static int VerifyCallback(int ok, X509_STORE_CTX *ctx) { Tcl_Obj *cmdPtr, *result; char *errStr, *string; int length; | | | 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 | */ static int VerifyCallback(int ok, X509_STORE_CTX *ctx) { Tcl_Obj *cmdPtr, *result; char *errStr, *string; int length; SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); dprintf("Verify: %d", ok); |
︙ | ︙ | |||
1742 1743 1744 1745 1746 1747 1748 | * *------------------------------------------------------* */ static int TlsLibInit (void) { static int initialized = 0; int i; char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > | 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 | * *------------------------------------------------------* */ static int TlsLibInit (void) { static int initialized = 0; int i; char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ int status = TCL_OK; if (initialized) { return(status); } initialized = 1; #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) size_t num_locks; Tcl_MutexLock(&init_mx); #endif if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc, (void *(*)(void *, size_t))Tcl_Realloc, (void(*)(void *))Tcl_Free) == 0) { /* Not using Tcl's mem functions ... not critical */ } #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) /* should we consider allocating mutexes? */ num_locks = CRYPTO_num_locks(); if (num_locks > CRYPTO_NUM_LOCKS) { status = TCL_ERROR; goto done; } CRYPTO_set_locking_callback(CryptoThreadLockCallback); CRYPTO_set_id_callback(CryptoThreadIdCallback); #endif if (SSL_library_init() != 1) { status = TCL_ERROR; goto done; } SSL_load_error_strings(); ERR_load_crypto_strings(); /* * Seed the random number generator in the SSL library, * using the do/while construct because of the bug note in the * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1 * * The crux of the problem is that Solaris 7 does not have a * /dev/random or /dev/urandom device so it cannot gather enough * entropy from the RAND_seed() when TLS initializes and refuses * to go further. Earlier versions of OpenSSL carried on regardless. */ srand((unsigned int) time((time_t *) NULL)); do { for (i = 0; i < 16; i++) { rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); } while (RAND_status() != 1); done: #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) Tcl_MutexUnlock(&init_mx); #endif return status; } |
Modified tlsBIO.c from [540c0ab883] to [936355d12f].
︙ | ︙ | |||
19 20 21 22 23 24 25 | BIO * BIO_new_tcl(statePtr, flags) State *statePtr; int flags; { BIO *bio; | | | > | | | | | | | < | > | | > | | | | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | BIO * BIO_new_tcl(statePtr, flags) State *statePtr; int flags; { BIO *bio; static BIO_METHOD *BioMethods = NULL; if (BioMethods == NULL) { BioMethods = BIO_meth_new(BIO_TYPE_TCL, "tcl"); BIO_meth_set_write(BioMethods, BioWrite); BIO_meth_set_read(BioMethods, BioRead); BIO_meth_set_puts(BioMethods, BioPuts); BIO_meth_set_ctrl(BioMethods, BioCtrl); BIO_meth_set_create(BioMethods, BioNew); BIO_meth_set_destroy(BioMethods, BioFree); } bio = BIO_new(BioMethods); BIO_set_data(bio, statePtr); BIO_set_init(bio, 1); BIO_set_shutdown(bio, flags); return bio; } static int BioWrite (bio, buf, bufLen) BIO *bio; CONST char *buf; int bufLen; { Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio)); int ret; dprintf("BioWrite(%p, <buf>, %d) [%p]", (void *) bio, bufLen, (void *) chan); if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { ret = Tcl_WriteRaw(chan, buf, bufLen); |
︙ | ︙ | |||
79 80 81 82 83 84 85 | static int BioRead (bio, buf, bufLen) BIO *bio; char *buf; int bufLen; { | | | 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | static int BioRead (bio, buf, bufLen) BIO *bio; char *buf; int bufLen; { Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio)); int ret = 0; int tclEofChan; dprintf("BioRead(%p, <buf>, %d) [%p]", (void *) bio, bufLen, (void *) chan); if (buf == NULL) return 0; |
︙ | ︙ | |||
135 136 137 138 139 140 141 | static long BioCtrl (bio, cmd, num, ptr) BIO *bio; int cmd; long num; void *ptr; { | | < | < < < | | < | < < < < < | < | | | | 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 | static long BioCtrl (bio, cmd, num, ptr) BIO *bio; int cmd; long num; void *ptr; { Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio)); long ret = 1; dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)", (void *) bio, (unsigned int) cmd, (unsigned int) num, (void *) ptr); switch (cmd) { case BIO_CTRL_RESET: num = 0; case BIO_C_FILE_SEEK: case BIO_C_FILE_TELL: ret = 0; break; case BIO_CTRL_INFO: ret = 1; break; case BIO_C_SET_FD: dprintf("Unsupported call: BIO_C_SET_FD"); ret = -1; break; case BIO_C_GET_FD: dprintf("Unsupported call: BIO_C_GET_FD"); ret = -1; break; case BIO_CTRL_GET_CLOSE: ret = BIO_get_shutdown(bio); break; case BIO_CTRL_SET_CLOSE: BIO_set_shutdown(bio, num); break; case BIO_CTRL_EOF: dprintf("BIO_CTRL_EOF"); ret = Tcl_Eof(chan); break; case BIO_CTRL_PENDING: ret = (Tcl_InputBuffered(chan) ? 1 : 0); |
︙ | ︙ | |||
209 210 211 212 213 214 215 | return(ret); } static int BioNew (bio) BIO *bio; { | | < | | | < | | | < | 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 | return(ret); } static int BioNew (bio) BIO *bio; { BIO_set_init(bio, 0); BIO_set_data(bio, NULL); BIO_clear_flags(bio, -1); return 1; } static int BioFree (bio) BIO *bio; { if (bio == NULL) { return 0; } if (BIO_get_shutdown(bio)) { if (BIO_get_init(bio)) { /*shutdown(bio->num, 2) */ /*closesocket(bio->num) */ } BIO_set_init(bio, 0); BIO_clear_flags(bio, -1); } return 1; } |
Modified tlsInt.h from [65f97677c5] to [c265b67309].
︙ | ︙ | |||
257 258 259 260 261 262 263 264 265 | void Tls_Error _ANSI_ARGS_ ((State *statePtr, char *msg)); void Tls_Free _ANSI_ARGS_ ((char *blockPtr)); void Tls_Clean _ANSI_ARGS_ ((State *statePtr)); int Tls_WaitForConnect _ANSI_ARGS_(( State *statePtr, int *errorCodePtr)); BIO * BIO_new_tcl _ANSI_ARGS_((State* statePtr, int flags)); #endif /* _TLSINT_H */ | > > > > > > > > > > > > > > > > > > > > > | 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 | void Tls_Error _ANSI_ARGS_ ((State *statePtr, char *msg)); void Tls_Free _ANSI_ARGS_ ((char *blockPtr)); void Tls_Clean _ANSI_ARGS_ ((State *statePtr)); int Tls_WaitForConnect _ANSI_ARGS_(( State *statePtr, int *errorCodePtr)); BIO * BIO_new_tcl _ANSI_ARGS_((State* statePtr, int flags)); #if OPENSSL_VERSION_NUMBER < 0x10100000L #define BIO_get_data(bio) ((bio)->ptr) #define BIO_get_init(bio) ((bio)->init) #define BIO_get_shutdown(bio) ((bio)->shutdown) #define BIO_set_data(bio, val) (bio)->ptr = (val) #define BIO_set_init(bio, val) (bio)->init = (val) #define BIO_set_shutdown(bio, val) (bio)->shutdown = (val) /* XXX: This assumes the variable being assigned to is BioMethods */ #define BIO_meth_new(type_, name_) (BIO_METHOD *)Tcl_Alloc(sizeof(BIO_METHOD)); \ memset(BioMethods, 0, sizeof(BIO_METHOD)); \ BioMethods->type = type_; \ BioMethods->name = name_; #define BIO_meth_set_write(bio, val) (bio)->bwrite = val; #define BIO_meth_set_read(bio, val) (bio)->bread = val; #define BIO_meth_set_puts(bio, val) (bio)->bputs = val; #define BIO_meth_set_ctrl(bio, val) (bio)->ctrl = val; #define BIO_meth_set_create(bio, val) (bio)->create = val; #define BIO_meth_set_destroy(bio, val) (bio)->destroy = val; #endif #endif /* _TLSINT_H */ |
Modified tlsX509.c from [a24085972c] to [9fff18dbef].
︙ | ︙ | |||
97 98 99 100 101 102 103 | char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[BUFSIZ]; #ifndef NO_SSL_SHA int shai; | | > > > | 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[BUFSIZ]; #ifndef NO_SSL_SHA int shai; char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; unsigned char sha_hash_binary[SHA_DIGEST_LENGTH]; const char *shachars="0123456789ABCDEF"; sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0'; #endif certStr[0] = 0; if ((bio = BIO_new(BIO_s_mem())) == NULL) { subject[0] = 0; issuer[0] = 0; serial[0] = 0; |
︙ | ︙ | |||
142 143 144 145 146 147 148 | BIO_free(bio); } strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); #ifndef NO_SSL_SHA | > | < | | | < | < | 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 | BIO_free(bio); } strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); #ifndef NO_SSL_SHA X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL); for (shai = 0; shai < SHA_DIGEST_LENGTH; shai++) { sha_hash_ascii[shai * 2] = shachars[(sha_hash_binary[shai] & 0xF0) >> 4]; sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)]; } Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) ); #endif Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "subject", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( subject, -1) ); |
︙ | ︙ |