︙ | | |
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
-
+
-
+
-
+
-
+
+
+
+
+
|
* Side effects:
* No result or error message
*
*-------------------------------------------------------------------
*/
int Tls_DigestInit(Tcl_Interp *interp, DigestState *statePtr, const EVP_MD *md,
const EVP_CIPHER *cipher, Tcl_Obj *keyObj) {
int key_len, res = 0;
int key_len = 0, res = 0;
const unsigned char *key;
/* Create message digest context */
if (statePtr->format & TYPE_MD) {
statePtr->ctx = EVP_MD_CTX_new();
res = (statePtr->ctx != NULL);
} else if (statePtr->format & TYPE_HMAC) {
statePtr->hctx = HMAC_CTX_new();
res = (statePtr->hctx != NULL);
} else if (statePtr->format & TYPE_CMAC) {
statePtr->cctx = CMAC_CTX_new();
res = (statePtr->cctx != NULL);
}
if (!res) {
Tcl_AppendResult(interp, "Create digest context failed: ", REASON(), NULL);
Tcl_AppendResult(interp, "Create context failed: ", REASON(), NULL);
return TCL_ERROR;
}
/* Initialize hash function */
if (statePtr->format & TYPE_MD) {
res = EVP_DigestInit_ex(statePtr->ctx, md, NULL);
} else if (statePtr->format & TYPE_HMAC) {
key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
res = HMAC_Init_ex(statePtr->hctx, (const void *) key, key_len, md, NULL);
} else if (statePtr->format & TYPE_CMAC) {
key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
}
if (!res) {
Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL);
Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
return TCL_ERROR;
}
return TCL_OK;
}
/*
*-------------------------------------------------------------------
*
* Tls_DigestUpdate --
*
* Update a hash function
*
* Returns:
* 1 if successful or 0 for failure
*
* Side effects:
* Adds buf to hash function
*
*-------------------------------------------------------------------
*/
int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read) {
int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read, int show) {
int res = 0;
if (statePtr->format & TYPE_MD) {
res = EVP_DigestUpdate(statePtr->ctx, buf, read);
} else if (statePtr->format & TYPE_HMAC) {
res = HMAC_Update(statePtr->hctx, buf, read);
} else if (statePtr->format & TYPE_CMAC) {
res = CMAC_Update(statePtr->cctx, buf, read);
}
if (!res && show) {
Tcl_AppendResult(statePtr->interp, "Update failed: ", REASON(), NULL);
return TCL_ERROR;
}
return res;
}
/*
*-------------------------------------------------------------------
*
|
︙ | | |
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
|
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
|
-
+
|
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
Tcl_AppendResult(interp, "Finalize digest failed: ", REASON(), NULL);
Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
return TCL_ERROR;
}
/* Return message digest as either a binary or hex string */
if (statePtr->format & BIN_FORMAT) {
Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(md_buf, md_len));
|
︙ | | |
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
|
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
|
+
-
+
-
|
if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) == TCL_ERROR) {
goto done;
}
Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
res = TCL_ERROR;
goto done;
}
/* Initialize hash function */
if ((res = Tls_DigestInit(interp, statePtr, md, cipher, keyObj)) != TCL_OK) {
goto done;
}
/* Read file data and update hash function */
while (!Tcl_Eof(chan)) {
len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
if (len > 0) {
if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len)) {
if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) {
Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL);
res = TCL_ERROR;
goto done;
}
}
}
/* Finalize hash function and calculate message digest */
|
︙ | | |
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
|
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
|
-
-
+
+
|
/* Get bytes from underlying channel */
parent = Tcl_GetStackedChannel(statePtr->self);
read = Tcl_ReadRaw(parent, buf, toRead);
/* Update hash function */
if (read > 0) {
if (!Tls_DigestUpdate(statePtr, buf, (size_t) read)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
if (!Tls_DigestUpdate(statePtr, buf, (size_t) read, 0)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
*errorCodePtr = EINVAL;
return -1;
}
/* This is correct */
read = -1;
*errorCodePtr = EAGAIN;
|
︙ | | |
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
|
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
|
-
+
|
res = HMAC_Final(statePtr->hctx, md_buf, &md_len);
} else if (statePtr->format & TYPE_CMAC) {
size_t len;
res = CMAC_Final(statePtr->cctx, md_buf, &len);
md_len = (unsigned int) len;
}
if (!res) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
*errorCodePtr = EINVAL;
/* Write message digest to output channel as byte array or hex string */
} else if (md_len > 0) {
if ((statePtr->format & BIN_FORMAT) && toRead >= (int) md_len) {
read = md_len;
memcpy(buf, md_buf, read);
|
︙ | | |
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
|
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
|
-
-
+
+
|
/* Abort if nothing to process */
if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
return 0;
}
/* Update hash function */
if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite, 0)) {
Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
*errorCodePtr = EINVAL;
return -1;
}
return toWrite;
}
/*
|
︙ | | |
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
|
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
|
-
+
|
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
statePtr->self = chan;
statePtr->mode = mode;
/* Initialize hash function */
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
|
︙ | | |
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
|
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
|
-
+
-
-
|
buf = Tcl_GetByteArrayFromObj(objv[2], &len);
} else {
Tcl_WrongNumArgs(interp, 1, objv, "update data");
return TCL_ERROR;
}
/* Update hash function */
if (!Tls_DigestUpdate(statePtr, buf, (size_t) len)) {
if (!Tls_DigestUpdate(statePtr, buf, (size_t) len, 1)) {
Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
return TCL_ERROR;
}
} else {
/* Finalize hash function and calculate message digest */
if (Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
return TCL_ERROR;
}
Tcl_DeleteCommandFromToken(interp, statePtr->token);
}
return TCL_OK;
}
|
︙ | | |
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
|
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
|
-
+
|
int Tls_DigestInstance(Tcl_Interp *interp, Tcl_Obj *cmdObj, const EVP_MD *md,
const EVP_CIPHER *cipher, int format, Tcl_Obj *keyObj) {
DigestState *statePtr;
char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);
/* Create state data struct */
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
/* Initialize hash function */
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
return TCL_ERROR;
}
|
︙ | | |
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
|
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
|
-
+
|
DigestState *statePtr;
if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
return TCL_ERROR;
}
if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK ||
Tls_DigestUpdate(statePtr, data, (size_t) len) == 0 ||
Tls_DigestUpdate(statePtr, data, (size_t) len, 1) == 0 ||
Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
Tls_DigestFree(statePtr);
return TCL_ERROR;
}
Tls_DigestFree(statePtr);
return TCL_OK;
}
|
︙ | | |
︙ | | |
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
|
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
|
-
+
-
+
|
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
}
/* SHA256 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha256(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
}
/* Subject Public Key Info specifies the public key and identifies the
algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
ASN1_BIT_STRING *key;
|
︙ | | |
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
|
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
|
-
+
-
+
|
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
/* Get extensions flags */
xflags = X509_get_extension_flags(cert);
LAPPEND_INT(interp, certPtr, "extFlags", xflags);
/* Check if cert was issued by CA cert issuer or self signed */
/* Check if cert was issued by CA cert issuer or self signed */
LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
/* The Unique Ids are used to handle the possibility of reuse of subject
and/or issuer names over time. RFC 5280 section 4.1.2.8 */
{
const ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(cert, &iuid, &suid);
X509_get0_uids(cert, &iuid, &suid);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
if (iuid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
|
︙ | | |
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
|
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
|
-
+
|
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));
/* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
Tls_x509Identifier(X509_get0_authority_key_id(cert)));
/* Subject Key Identifier (SKI) is used to identify certificates that contain
a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
Tls_x509Identifier(X509_get0_subject_key_id(cert)));
/* Key usage extension defines the purpose (e.g., encipherment, signature, certificate
signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */
|
︙ | | |