Check-in [3d5e70d1d5]
Bounty program for improvements to Tcl and certain Tcl packages.
Overview
Comment:Updated to generate DH parameters more dynamically
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1-7
Files: files | file ages | folders
SHA1: 3d5e70d1d57b32ffc890cf789718629e250789ca
User & Date: rkeene on 2016-12-01 21:36:04
Other Links: branch diff | manifest | tags
Context
2016-12-01
21:51
Updated to support a deterministic mode check-in: bf7f82b5e8 user: rkeene tags: tls-1-7
21:36
Updated to generate DH parameters more dynamically check-in: 3d5e70d1d5 user: rkeene tags: tls-1-7
20:51
Removed unused source file check-in: 2f2650a648 user: rkeene tags: tls-1-7
Changes

Modified .fossil-settings/ignore-glob from [7f5dc4586d] to [103e76cae5].

13
14
15
16
17
18
19

13
14
15
16
17
18
19
20






+
tcltls.a
tls.o
tlsBIO.o
tlsIO.o
tlsX509.o
tls.tcl.h
build/work
dh_params.h

Modified Makefile.in from [767056b489] to [e516302d1e].

1
2
3
4
5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34
35
36
37





38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

58
59
60
61
62
63
64
65
66
67
68
1
2
3
4

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74



-
+




















-
+











+
+
+
+
+




















+











CC = @[email protected]
AR = @[email protected]
RANLIB = @[email protected]
CFLAGS = @[email protected] @[email protected]
CPPFLAGS = @[email protected] [email protected]@ @[email protected]
CPPFLAGS = @[email protected] [email protected]@ -I. @[email protected]
LDFLAGS = @[email protected] @[email protected]
LIBS = @[email protected]
INSTALL = @[email protected]
PACKAGE_VERSION = @[email protected]
TCL_PACKAGE_PATH = @[email protected]
PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)

all: @[email protected]

# The shared object target
[email protected]@: tls.o tlsBIO.o tlsIO.o tlsX509.o
	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o [email protected]@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS)

# The static target
tcltls.a: tls.o tlsBIO.o tlsIO.o tlsX509.o
	$(AR) rcu tcltls.a.new tls.o tlsBIO.o tlsIO.o tlsX509.o
	$(RANLIB) tcltls.a.new
	mv tcltls.a.new tcltls.a

# Dependencies for all our targets
tls.o: @[email protected]/tls.c @[email protected]/tlsInt.h @[email protected]/tclOpts.h @[email protected]/tls.tcl.h
tls.o: @[email protected]/tls.c @[email protected]/tlsInt.h @[email protected]/tclOpts.h @[email protected]/tls.tcl.h dh_params.h
tlsBIO.o: @[email protected]/tlsBIO.c @[email protected]/tlsInt.h
tlsIO.o: @[email protected]/tlsIO.c @[email protected]/tlsInt.h
tlsX509.o: @[email protected]/tlsX509.c @[email protected]/tlsInt.h

# Create a C-source-ified version of the script resources
# for TclTLS so that we only need a single file to enable
# this extension
@[email protected]/tls.tcl.h: @[email protected]/tls.tcl
	xxd -i < '@[email protected]/tls.tcl' > '@[email protected]/tls.tcl.h.new'
	mv '@[email protected]/tls.tcl.h.new' '@[email protected]/tls.tcl.h'

# Create default DH parameters
dh_params.h: @[email protected]/gen_dh_params
	@[email protected]/gen_dh_params > dh_params.h.new
	mv dh_params.h.new dh_params.h

# Generic target for building files from the "srcdir"
# tree -- the default target will not match paths
%.o: @[email protected]/%.c
	$(CC) $(CPPFLAGS) $(CFLAGS) -o "[email protected]" -c "$<"

# Install the extension
install: @[email protected] pkgIndex.tcl
	$(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
	$(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @[email protected] pkgIndex.tcl

# Clean the local build directory for rebuild against the same configuration
clean:
	rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
	rm -f [email protected]@
	rm -f tcltls.a.new tcltls.a

# Clean the local build directory back to what it was after unpacking the
# distribution tarball
distclean: clean
	rm -f config.log config.status
	rm -f dh_params.h.new dh_params.h
	rm -f Makefile pkgIndex.tcl

# Clean the local build directory back to only thing things that exist in
# version control system
mrproper: distclean
	rm -f @[email protected]/tls.tcl.h
	rm -f @[email protected]/configure @[email protected]/config.sub @[email protected]/config.guess @[email protected]/install-sh
	rm -f @[email protected]/aclocal.m4
	rm -rf @[email protected]/aclocal @[email protected]/autom4te.cache

.PHONY: all install clean distclean mrproper

Added gen_dh_params version [a7290cba5e].
























































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#! /usr/bin/env bash

bits='2048'

function openssl_dhparam() {
	local output

	if [ -x "$(which openssl 2>/dev/null)" ]; then
		output="$(set -o pipefail; openssl dhparam -C "[email protected]" 2>/dev/null | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d')" || return 1

		echo "${output}"

		return 0
	fi

	return 1
}

function gen_dh_params_openssl() {
	openssl_dhparam "${bits}" < /dev/null || return 1
	return 0
}

function gen_dh_params_remote() {
	local input output url

	url="https://2ton.com.au/dhparam/${bits}"

	input="$(curl "${url}")" || \
		input="$(wget -O - -o /dev/null "${url}")" || return 1

	if output="$(echo "${input}" | openssl_dhparam)"; then
		echo "${output}"

		return 0
	fi

	return 1
}

function gen_dh_params_fallback() {
	cat << \_EOF_
DH *get_dh2048()
	{
	static unsigned char dh2048_p[]={
		0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
		0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86,
		0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF,
		0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84,
		0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D,
		0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98,
		0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1,
		0xE8,0x23,0x29,0x56,0x40,0x95,0x13,0xEB,0xCB,0xD5,0xFC,0x76,
		0x1A,0x41,0x26,0xCE,0x20,0xEB,0x30,0x10,0x17,0x07,0xE1,0x8C,
		0xAC,0x57,0x37,0x8B,0xE8,0x01,0xDE,0xA9,0xEF,0xA4,0xC2,0xA4,
		0x6E,0x48,0x25,0x11,0x33,0x11,0xD4,0x52,0x79,0x87,0x9F,0x75,
		0x61,0xF7,0x9C,0x7D,0x36,0x41,0xCB,0xEC,0x8F,0xEA,0x4A,0x47,
		0x6A,0x36,0x37,0x75,0xB9,0x8E,0xF5,0x5F,0x67,0xCF,0x1F,0xD8,
		0xCA,0x70,0x42,0xC7,0xA2,0xED,0x0F,0x7D,0xBE,0x43,0x08,0x28,
		0x66,0x3D,0xDD,0x87,0x0D,0x61,0x6E,0xD0,0xE7,0x49,0xD1,0x70,
		0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06,
		0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E,
		0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B,
		0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62,
		0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62,
		0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69,
		0xF4,0x54,0xB5,0x5B,
		};
	static unsigned char dh2048_g[]={
		0x02,
		};
	DH *dh;

	if ((dh=DH_new()) == NULL) return(NULL);
	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	if ((dh->p == NULL) || (dh->g == NULL))
		{ DH_free(dh); return(NULL); }
	return(dh);
	}
_EOF_
}

gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0

exit 1

Modified tls.c from [b151916d75] to [05e974345e].

75
76
77
78
79
80
81
82
83

84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
75
76
77
78
79
80
81


82










































83
84
85
86
87
88
89






-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-







#define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))

/*
 * Static data structures
 */

#ifndef OPENSSL_NO_DH
/* code derived from output of 'openssl dhparam -C 2048' */

#include "dh_params.h"
static unsigned char dh2048_p[]={
	0xEC,0xFD,0x6F,0x66,0xD8,0xBC,0xB4,0xCB,0xD7,0xE7,0xB4,0xAE,
	0xEC,0xC0,0x06,0x25,0x40,0x9F,0x3F,0xC4,0xAC,0x34,0x19,0x36,
	0x8A,0xAB,0xA9,0xF6,0x45,0x36,0x87,0x1F,0x10,0x35,0x3F,0x90,
	0x00,0xC6,0x7A,0xE8,0x51,0xF4,0x7F,0x50,0x0F,0xC2,0x82,0x91,
	0xAD,0x60,0x1B,0x49,0xB1,0x0B,0x23,0xC3,0x37,0xAE,0x0D,0x2C,
	0x49,0xC6,0xFB,0x60,0x9D,0x50,0x2F,0x8C,0x2F,0xDE,0xE6,0x5F,
	0x53,0x8B,0x5F,0xF9,0x70,0x16,0xEE,0x51,0xD1,0xAB,0x02,0x48,
	0x61,0xF1,0xA0,0xD7,0xBD,0x04,0x24,0xF0,0xE4,0xD1,0x0A,0x4C,
	0x28,0xDC,0x22,0x78,0x7C,0xED,0x2A,0xFA,0xF4,0x57,0x7C,0xAE,
	0xDF,0x52,0xC6,0xA2,0x11,0x28,0xC5,0x3B,0xB8,0x2F,0x95,0x3F,
	0x1E,0x05,0x66,0xFE,0x7D,0x1A,0x73,0xA0,0x45,0xF8,0xBB,0x8C,
	0x64,0xB9,0xA9,0x4D,0x23,0xBE,0x20,0x60,0xA2,0xF7,0xC7,0xD8,
	0xD8,0x49,0x28,0x9A,0x81,0xAC,0xF9,0x7F,0x3C,0xFC,0xBE,0x25,
	0x5B,0x1D,0xB6,0xAB,0x08,0x06,0x11,0x8D,0x94,0x69,0x3C,0x68,
	0x98,0x5A,0x90,0xF8,0xEB,0x19,0xCA,0x9F,0x1C,0x50,0x96,0x53,
	0xEF,0xEC,0x1B,0x93,0x4F,0x53,0xB7,0xD9,0x04,0x8E,0x48,0x99,
	0x6E,0x24,0xFF,0x66,0xF5,0xB0,0xDF,0x00,0xBA,0x22,0xE2,0xB6,
	0xE3,0x3A,0xC2,0x95,0xB1,0x14,0x68,0xFB,0xA5,0x37,0x22,0x78,
	0x56,0x5C,0xA4,0x23,0x31,0x02,0x97,0x7D,0xA9,0x84,0x0B,0x12,
	0x26,0x58,0x2F,0x86,0x10,0xAD,0xB0,0xAB,0xB9,0x7B,0x05,0x9A,
	0xDE,0x11,0xF1,0xE7,0x34,0xC7,0x95,0x42,0x1C,0x4F,0xA9,0xA8,
	0x92,0xDF,0x3F,0x7B,
	};
static unsigned char dh2048_g[]={
	0x02,
};


static DH *get_dh2048()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL) return(NULL);

    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);

    if ((dh->p == NULL) || (dh->g == NULL))
	return(NULL);
    return(dh);
}
#endif

/*
 * Defined in Tls_Init to determine what kind of channels we are using
 * (old-style 8.2.0-8.3.1 or new-style 8.3.2+).
 */
int channelTypeVersion;