Index: generic/tlsDigest.c
==================================================================
--- generic/tlsDigest.c
+++ generic/tlsDigest.c
@@ -135,11 +135,11 @@
 *
 *-------------------------------------------------------------------
 */
 int Tls_DigestInit(Tcl_Interp *interp, DigestState *statePtr, const EVP_MD *md, const EVP_CIPHER *cipher, Tcl_Obj *keyObj) {
- int key_len, res = 0;
+ int key_len = 0, res = 0;
 const unsigned char *key;
 /* Create message digest context */
 if (statePtr->format & TYPE_MD) {
 statePtr->ctx = EVP_MD_CTX_new();
@@ -150,11 +150,11 @@
 } else if (statePtr->format & TYPE_CMAC) {
 statePtr->cctx = CMAC_CTX_new();
 res = (statePtr->cctx != NULL);
 }
 if (!res) {
- Tcl_AppendResult(interp, "Create digest context failed: ", REASON(), NULL);
+ Tcl_AppendResult(interp, "Create context failed: ", REASON(), NULL);
 return TCL_ERROR;
 }
 /* Initialize hash function */
 if (statePtr->format & TYPE_MD) {
@@ -165,11 +165,11 @@
 } else if (statePtr->format & TYPE_CMAC) {
 key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
 res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
 }
 if (!res) {
- Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL);
+ Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
 return TCL_ERROR;
 }
 return TCL_OK;
 }
@@ -186,19 +186,23 @@
 * Side effects:
 * Adds buf to hash function
 *
 *-------------------------------------------------------------------
 */
-int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read) {
+int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read, int show) {
 int res = 0;
 if (statePtr->format & TYPE_MD) {
 res = EVP_DigestUpdate(statePtr->ctx, buf, read);
 } else if (statePtr->format & TYPE_HMAC) {
 res = HMAC_Update(statePtr->hctx, buf, read);
 } else if (statePtr->format & TYPE_CMAC) {
 res = CMAC_Update(statePtr->cctx, buf, read);
+ }
+ if (!res && show) {
+ Tcl_AppendResult(statePtr->interp, "Update failed: ", REASON(), NULL);
+ return TCL_ERROR;
 }
 return res;
 }
 /*
@@ -232,11 +236,11 @@
 size_t len;
 res = CMAC_Final(statePtr->cctx, md_buf, &len);
 md_len = (unsigned int) len;
 }
 if (!res) {
- Tcl_AppendResult(interp, "Finalize digest failed: ", REASON(), NULL);
+ Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
 return TCL_ERROR;
 }
 /* Return message digest as either a binary or hex string */
 if (statePtr->format & BIN_FORMAT) {
@@ -291,10 +295,11 @@
 }
 Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);
 /* Create state data struct */
 if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
+ Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 res = TCL_ERROR;
 goto done;
 }
 /* Initialize hash function */
@@ -304,12 +309,11 @@
 /* Read file data and update hash function */
 while (!Tcl_Eof(chan)) {
 len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
 if (len > 0) {
- if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len)) {
- Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL);
+ if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) {
 res = TCL_ERROR;
 goto done;
 }
 }
 }
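Review bot: The new failure branch in Tls_DigestUpdate (@@ -186) returns `TCL_ERROR`, which is non-zero, while every caller in this patch treats a zero return as failure (`!Tls_DigestUpdate(...)` or `== 0`). With `show` set, a failed EVP/HMAC/CMAC update is therefore taken as success by the file-read loop (@@ -304), the instance `update` command (@@ -924) and the one-shot data path (@@ -1063), which then carry on and can finalize a digest or MAC over incomplete input. Change `return TCL_ERROR;` to `return 0;` (or drop the line and fall through to `return res;`), and extend the header comment to document `show` and the 1/0 return contract. The branch also depends on `statePtr->interp` having been set, presumably by Tls_DigestNew, which is not visible here.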
@@ -433,12 +437,12 @@
 parent = Tcl_GetStackedChannel(statePtr->self);
 read = Tcl_ReadRaw(parent, buf, toRead);
 /* Update hash function */
 if (read > 0) {
- if (!Tls_DigestUpdate(statePtr, buf, (size_t) read)) {
- Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+ if (!Tls_DigestUpdate(statePtr, buf, (size_t) read, 0)) {
+ Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
 *errorCodePtr = EINVAL;
 return -1;
 }
 /* This is correct */
 read = -1;
@@ -462,11 +466,11 @@
 size_t len;
 res = CMAC_Final(statePtr->cctx, md_buf, &len);
 md_len = (unsigned int) len;
 }
 if (!res) {
- Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
+ Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
 *errorCodePtr = EINVAL;
 /* Write message digest to output channel as byte array or hex string */
 } else if (md_len > 0) {
 if ((statePtr->format & BIN_FORMAT) && toRead >= (int) md_len) {
@@ -514,12 +518,12 @@
 if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
 return 0;
 }
 /* Update hash function */
- if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite)) {
- Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+ if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite, 0)) {
+ Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
 *errorCodePtr = EINVAL;
 return -1;
 }
 return toWrite;
 }
@@ -799,11 +803,11 @@
 /* Make sure to operate on the topmost channel */
 chan = Tcl_GetTopChannel(chan);
 /* Create state data struct */
 if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
- Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
+ Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 return TCL_ERROR;
 }
 statePtr->self = chan;
 statePtr->mode = mode;
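Review bot: In the write-handler hunk (@@ -514) the `toWrite > 0 &&` test on the changed line is dead, because the guard a few lines above already returns 0 when `toWrite <= 0`. The condition can be reduced to `if (!Tls_DigestUpdate(statePtr, buf, (size_t) toWrite, 0)) {`. The channel handlers here and in @@ -433 pass `show` as 0 and format the same "Update failed: %s" text themselves, so a one-line comment at these call sites saying that the error is routed to Tcl_SetChannelError rather than the interpreter result would make the choice of 0 clear. Both handler bodies begin outside their hunks.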
@@ -924,19 +928,17 @@
 Tcl_WrongNumArgs(interp, 1, objv, "update data");
 return TCL_ERROR;
 }
 /* Update hash function */
- if (!Tls_DigestUpdate(statePtr, buf, (size_t) len)) {
- Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+ if (!Tls_DigestUpdate(statePtr, buf, (size_t) len, 1)) {
 return TCL_ERROR;
 }
 } else {
 /* Finalize hash function and calculate message digest */
 if (Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
- Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
 return TCL_ERROR;
 }
 Tcl_DeleteCommandFromToken(interp, statePtr->token);
 }
@@ -985,11 +987,11 @@
 DigestState *statePtr;
 char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);
 /* Create state data struct */
 if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
- Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
+ Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 return TCL_ERROR;
 }
 /* Initialize hash function */
 if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
@@ -1063,11 +1065,11 @@
 if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
 Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 return TCL_ERROR;
 }
 if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK ||
- Tls_DigestUpdate(statePtr, data, (size_t) len) == 0 ||
+ Tls_DigestUpdate(statePtr, data, (size_t) len, 1) == 0 ||
 Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
 Tls_DigestFree(statePtr);
 return TCL_ERROR;
 }
 Tls_DigestFree(statePtr);
Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -432,17 +432,17 @@
 len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
 LAPPEND_STR(interp, certPtr, "subject", buffer, len);
 /* SHA1 Digest (Fingerprint) of cert - DER representation */
 if (X509_digest(cert, EVP_sha1(), md, &len)) {
- len = String_to_Hex(md, len, buffer, BUFSIZ);
+ len = String_to_Hex(md, len, buffer, BUFSIZ);
 LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
 }
 /* SHA256 Digest (Fingerprint) of cert - DER representation */
 if (X509_digest(cert, EVP_sha256(), md, &len)) {
- len = String_to_Hex(md, len, buffer, BUFSIZ);
+ len = String_to_Hex(md, len, buffer, BUFSIZ);
 LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
 }
 /* Subject Public Key Info specifies the public key and identifies the algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
@@ -478,11 +478,11 @@
 /* Get extensions flags */
 xflags = X509_get_extension_flags(cert);
 LAPPEND_INT(interp, certPtr, "extFlags", xflags);
- /* Check if cert was issued by CA cert issuer or self signed */
+ /* Check if cert was issued by CA cert issuer or self signed */
 LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
 LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
 LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
 LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
 LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
@@ -489,11 +489,11 @@
 /* The Unique Ids are used to handle the possibility of reuse of subject and/or issuer names over time. RFC 5280 section 4.1.2.8 */
 {
 const ASN1_BIT_STRING *iuid, *suid;
- X509_get0_uids(cert, &iuid, &suid);
+ X509_get0_uids(cert, &iuid, &suid);
 Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
 if (iuid != NULL) {
 Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
 } else {
@@ -514,11 +514,11 @@ /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */ LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier", Tls_x509Identifier(X509_get0_authority_key_id(cert))); - + /* Subject Key Identifier (SKI) is used to identify certificates that contain a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */ LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier", Tls_x509Identifier(X509_get0_subject_key_id(cert)));