Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -296,22 +296,24 @@ type = "Handshake"; break; case SSL3_RT_APPLICATION_DATA: type = "App Data"; break; +#if OPENSSL_VERSION_NUMBER < 0x30000000L case DTLS1_RT_HEARTBEAT: type = "Heartbeat"; break; +#endif default: type = "unknown"; } /* Needs compile time option "enable-ssl-trace". */ if ((bio = BIO_new(BIO_s_mem())) != NULL) { int n; SSL_trace(write_p, version, content_type, buf, len, ssl, (void *)bio); - n = BIO_read(bio, buffer, min(BIO_pending(bio), 14999)); + n = BIO_read(bio, buffer, BIO_pending(bio) < 15000 ? BIO_pending(bio) : 14999); n = (n<0) ? 0 : n; buffer[n] = 0; (void)BIO_flush(bio); BIO_free(bio); } @@ -482,11 +484,10 @@ *------------------------------------------------------------------- */ void KeyLogCallback(const SSL *ssl, const char *line) { char *str = getenv(SSLKEYLOGFILE); FILE *fd; - (void *) ssl; dprintf("Called"); if (str) { fd = fopen(str, "a"); @@ -595,11 +596,11 @@ * 1 = success where app retains session in session cache, and must call SSL_SESSION_free() when done. * *------------------------------------------------------------------- */ static int -SessionCallback(const SSL *ssl, SSL_SESSION *session) { +SessionCallback(SSL *ssl, SSL_SESSION *session) { State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; const unsigned char *ticket; const unsigned char *session_id; @@ -662,11 +663,11 @@ * protocols are configured for this connection. The connection continues. * *------------------------------------------------------------------- */ static int -ALPNCallback(const SSL *ssl, const unsigned char **out, unsigned char *outlen, +ALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; @@ -676,11 +677,11 @@ if (ssl == NULL || arg == NULL) { return SSL_TLSEXT_ERR_NOACK; } /* Select protocol */ - if (SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len, + if (SSL_select_next_proto((unsigned char **) out, outlen, statePtr->protos, statePtr->protos_len, in, inlen) == OPENSSL_NPN_NEGOTIATED) { /* Match found */ res = SSL_TLSEXT_ERR_OK; } else { /* OPENSSL_NPN_NO_OVERLAP = No overlap, so use first item from client protocol list */ @@ -694,11 +695,11 @@ /* Create command to eval */ cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); - Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1)); + Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj((const char *) *out, -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewBooleanObj(res == SSL_TLSEXT_ERR_OK)); /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) { @@ -784,11 +785,11 @@ SNICallback(const SSL *ssl, int *alert, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; - char *servername = NULL; + const char *servername = NULL; dprintf("Called"); if (ssl == NULL || arg == NULL) { return SSL_TLSEXT_ERR_NOACK; @@ -851,11 +852,11 @@ * SSL_CLIENT_HELLO_SUCCESS: success * *------------------------------------------------------------------- */ static int -HelloCallback(const SSL *ssl, int *alert, void *arg) { +HelloCallback(SSL *ssl, int *alert, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; const char *servername; @@ -2086,11 +2087,11 @@ /* Get protocol */ LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1); /* Renegotiation allowed */ - LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support(ssl)); + LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl)); /* Get security level */ LAPPEND_INT(interp, objPtr, "security_level", SSL_get_security_level(ssl)); /* Session info */ @@ -2160,11 +2161,11 @@ if (session != NULL) { const unsigned char *ticket; size_t len2; unsigned int ulen; const unsigned char *session_id, *proto; - char buffer[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char buffer[SSL_MAX_MASTER_KEY_LENGTH]; /* Report the selected protocol as a result of the ALPN negotiation */ SSL_SESSION_get0_alpn_selected(session, &proto, &len2); LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (Tcl_Size) len2); @@ -2197,12 +2198,14 @@ /* Session ticket lifetime hint (in seconds) */ LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session)); /* Ticket app data */ - SSL_SESSION_get0_ticket_appdata(session, &ticket, &len2); +#if OPENSSL_VERSION_NUMBER < 0x30000000L + SSL_SESSION_get0_ticket_appdata((SSL_SESSION *) session, &ticket, &len2); LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (Tcl_Size) len2); +#endif /* Get master key */ len2 = SSL_SESSION_get_master_key(session, buffer, SSL_MAX_MASTER_KEY_LENGTH); LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (Tcl_Size) len2); Index: generic/tlsDigest.c ================================================================== --- generic/tlsDigest.c +++ generic/tlsDigest.c @@ -150,13 +150,12 @@ int DigestInitialize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *macObj) { int res = 0, type = statePtr->format & 0xFF0; const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; - const void *key = NULL, *iv = NULL, *salt = NULL; + const void *key = NULL; Tcl_Size key_len = 0; - (void *) macObj; dprintf("Called"); /* Get digest */ md = Util_GetDigest(interp, digestObj, type != TYPE_CMAC); @@ -241,11 +240,11 @@ switch(statePtr->format & 0xFF0) { case TYPE_MD: res = EVP_DigestUpdate(statePtr->ctx, buf, (size_t) read); break; case TYPE_HMAC: - res = HMAC_Update(statePtr->hctx, buf, (size_t) read); + res = HMAC_Update(statePtr->hctx, (const unsigned char *) buf, (size_t) read); break; case TYPE_CMAC: res = CMAC_Update(statePtr->cctx, buf, (size_t) read); break; } @@ -399,11 +398,14 @@ Tcl_Obj *resultObj; Tcl_Size written, toWrite; if (DigestFinalize(statePtr->interp, statePtr, &resultObj) == TCL_OK) { unsigned char *data = Tcl_GetByteArrayFromObj(resultObj, &toWrite); - written = Tcl_WriteRaw(parent, data, toWrite); + written = Tcl_WriteRaw(parent, (const char *) data, toWrite); + if (written != toWrite) { + /* Error */ + } Tcl_DecrRefCount(resultObj); } statePtr->flags |= CHAN_EOF; } @@ -514,11 +516,11 @@ if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) { return 0; } /* Update hash function */ - if (DigestUpdate(statePtr, buf, (Tcl_Size) toWrite, 0) != TCL_OK) { + if (DigestUpdate(statePtr, (char *) buf, (Tcl_Size) toWrite, 0) != TCL_OK) { Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", GET_ERR_REASON())); *errorCodePtr = EINVAL; return 0; } return toWrite; @@ -902,11 +904,11 @@ */ int DigestInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { DigestState *statePtr = (DigestState *) clientData; int fn; Tcl_Size data_len = 0; - char *data = NULL; + unsigned char *data = NULL; static const char *instance_fns [] = { "finalize", "update", NULL }; dprintf("Called"); /* Validate arg count */ @@ -929,11 +931,11 @@ Tcl_WrongNumArgs(interp, 1, objv, "update data"); return TCL_ERROR; } /* Update hash function */ - if (DigestUpdate(statePtr, data, data_len, 1) != TCL_OK) { + if (DigestUpdate(statePtr, (char *) data, data_len, 1) != TCL_OK) { return TCL_ERROR; } } else { /* Finalize hash function and calculate message digest */ @@ -1032,11 +1034,11 @@ * *------------------------------------------------------------------- */ int DigestDataHandler(Tcl_Interp *interp, Tcl_Obj *dataObj, Tcl_Obj *digestObj, Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) { - char *data; + unsigned char *data; Tcl_Size data_len; DigestState *statePtr; dprintf("Called"); @@ -1053,11 +1055,11 @@ return TCL_ERROR; } /* Calc Digest */ if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK || - DigestUpdate(statePtr, data, data_len, 1) != TCL_OK || + DigestUpdate(statePtr, (char *) data, data_len, 1) != TCL_OK || DigestFinalize(interp, statePtr, NULL) != TCL_OK) { DigestStateFree(statePtr); return TCL_ERROR; } @@ -1118,11 +1120,11 @@ /* Read file data and update hash function */ while (!Tcl_Eof(chan)) { Tcl_Size len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE); if (len > 0) { - if ((res = DigestUpdate(statePtr, &buf[0], len, 1)) != TCL_OK) { + if ((res = DigestUpdate(statePtr, (char *) &buf[0], len, 1)) != TCL_OK) { goto done; } } } Index: generic/tlsEncrypt.c ================================================================== --- generic/tlsEncrypt.c +++ generic/tlsEncrypt.c @@ -136,11 +136,11 @@ *------------------------------------------------------------------- */ int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx, Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) { const EVP_CIPHER *cipher; - char *keyString = NULL, *ivString = NULL; + void *keyString = NULL, *ivString = NULL; Tcl_Size key_len = 0, iv_len = 0; int res, max; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; dprintf("Called"); @@ -156,22 +156,22 @@ } /* Get key - Only support internally defined cipher lengths. Custom ciphers can be up to size_t bytes. */ max = EVP_CIPHER_key_length(cipher); - keyString = (const void *) Util_GetKey(interp, keyObj, &key_len, "key", max, FALSE); + keyString = Util_GetKey(interp, keyObj, &key_len, "key", max, 0); if (keyString != NULL) { - memcpy((void *) key, (const void *) keyString, (size_t) key_len); + memcpy((void *) key, keyString, (size_t) key_len); } else if (keyObj != NULL) { return TCL_ERROR; } /* Get IV */ max = EVP_CIPHER_iv_length(cipher); - ivString = (const void *) Util_GetIV(interp, ivObj, &iv_len, max, FALSE); + ivString = Util_GetIV(interp, ivObj, &iv_len, max, 0); if (ivString != NULL) { - memcpy((void *) iv, (const void *) ivString, (size_t) iv_len); + memcpy((void *) iv, ivString, (size_t) iv_len); } else if (ivObj != NULL) { return TCL_ERROR; } /* Create context */ @@ -399,11 +399,11 @@ read = Tcl_ReadRaw(parent, in_buf, (Tcl_Size) toRead); /* Update function */ if (read > 0) { /* Have data - Update function */ - if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len, in_buf, read) == TCL_OK) { + if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) buf, &out_len, (unsigned char *) in_buf, read) == TCL_OK) { /* If have data, put in buf, otherwise tell TCL to try again */ if (out_len > 0) { read = (Tcl_Size) out_len; } else { *errorCodePtr = EAGAIN; @@ -419,11 +419,11 @@ /* Error */ *errorCodePtr = Tcl_GetErrno(); } else if (!(statePtr->flags & CHAN_EOF)) { /* EOF - Finalize function and put any remaining data in buf */ - if (EncryptFinalize(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len) == TCL_OK) { + if (EncryptFinalize(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) buf, &out_len) == TCL_OK) { read = (Tcl_Size) out_len; } else { Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", GET_ERR_REASON())); *errorCodePtr = EINVAL; read = 0; @@ -464,11 +464,11 @@ } out_buf = Tcl_Alloc((Tcl_Size) toWrite+EVP_MAX_BLOCK_LENGTH); /* Update function */ - if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, out_buf, &out_len, buf, (Tcl_Size) toWrite) == TCL_OK) { + if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) out_buf, &out_len, (unsigned char *) buf, (Tcl_Size) toWrite) == TCL_OK) { /* If have data, output it, otherwise tell TCL to try again */ if (out_len > 0) { Tcl_Channel parent = Tcl_GetStackedChannel(statePtr->self); write = (int) Tcl_WriteRaw(parent, (const char *) out_buf, (Tcl_Size) out_len); write = toWrite; @@ -742,11 +742,10 @@ static int EncryptChannelHandler(Tcl_Interp *interp, int type, const char *channel, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) { int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */ Tcl_Channel chan; EncryptState *statePtr; - (void *) digestObj; dprintf("Called"); /* Validate args */ if (channel == (const char *) NULL) { @@ -862,11 +861,11 @@ */ int EncryptInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { EncryptState *statePtr = (EncryptState *) clientData; int fn, out_len; Tcl_Size data_len = 0; - char *data = NULL; + unsigned char *data = NULL; Tcl_Obj *resultObj; unsigned char *out_buf; static const char *instance_fns [] = { "finalize", "update", NULL }; dprintf("Called"); @@ -966,11 +965,10 @@ */ int EncryptCommandHandler(Tcl_Interp *interp, int type, Tcl_Obj *cmdObj, Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) { EncryptState *statePtr; char *cmdName = Tcl_GetStringFromObj(cmdObj, (Tcl_Size *) NULL); - (void *) digestObj; dprintf("Called"); if ((statePtr = EncryptStateNew(interp, type)) == NULL) { Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL); @@ -1014,11 +1012,10 @@ EVP_CIPHER_CTX *ctx = NULL; int out_len = 0, len = 0, res = TCL_OK; Tcl_Size data_len = 0; unsigned char *data, *out_buf; Tcl_Obj *resultObj; - (void *) digestObj; dprintf("Called"); /* Get data */ if (dataObj != NULL) { @@ -1085,11 +1082,10 @@ EVP_CIPHER_CTX *ctx = NULL; int total = 0, res, out_len = 0, len; Tcl_Channel in = NULL, out = NULL; unsigned char in_buf[BUFFER_SIZE]; unsigned char out_buf[BUFFER_SIZE+EVP_MAX_BLOCK_LENGTH]; - (void *) digestObj; dprintf("Called"); /* Open input file */ if ((in = Tcl_FSOpenFileChannel(interp, inFileObj, "rb", 0444)) == (Tcl_Channel) NULL) { Index: generic/tlsIO.c ================================================================== --- generic/tlsIO.c +++ generic/tlsIO.c @@ -71,11 +71,10 @@ * *------------------------------------------------------------------- */ static int TlsCloseProc(ClientData instanceData, Tcl_Interp *interp) { State *statePtr = (State *) instanceData; - (void *) interp; dprintf("TlsCloseProc(%p)", (void *) statePtr); Tls_Clean(statePtr); Tcl_EventuallyFree((ClientData)statePtr, Tls_Free); @@ -227,32 +226,32 @@ dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } - Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno())); + Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno())); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = backingError; if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; return(-1); case SSL_ERROR_SSL: /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately"); if (backingError != 0) { - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { - Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); + Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); @@ -365,11 +364,11 @@ case SSL_ERROR_SSL: /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ dprintf("SSL error, indicating that the connection has been aborted"); if (backingError != 0) { - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } *errorCodePtr = ECONNABORTED; bytesRead = -1; #if OPENSSL_VERSION_NUMBER >= 0x30000000L @@ -394,17 +393,17 @@ } else if (backingError == 0 && bytesRead == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); bytesRead = -1; - Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno())); + Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno())); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = backingError; bytesRead = -1; - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } break; case SSL_ERROR_ZERO_RETURN: dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached"); @@ -561,25 +560,25 @@ } else if (backingError == 0 && written == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); written = -1; - Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno())); + Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno())); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = backingError; written = -1; - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } break; case SSL_ERROR_SSL: /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ dprintf("SSL error, indicating that the connection has been aborted"); if (backingError != 0) { - Tls_Error(statePtr, ERR_reason_error_string(backingError)); + Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); } *errorCodePtr = ECONNABORTED; written = -1; break; @@ -942,8 +941,8 @@ NULL, /* Wide seek proc */ NULL, /* Thread action */ NULL /* Truncate */ }; -Tcl_ChannelType *Tls_ChannelType(void) { +const Tcl_ChannelType *Tls_ChannelType(void) { return &tlsChannelType; } Index: generic/tlsInfo.c ================================================================== --- generic/tlsInfo.c +++ generic/tlsInfo.c @@ -67,11 +67,11 @@ */ int CipherInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) { const EVP_CIPHER *cipher; Tcl_Obj *resultObj, *listObj; unsigned long flags, mode; - unsigned char *modeName = NULL; + char *modeName = NULL; char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL); /* Get cipher */ cipher = EVP_get_cipherbyname(name); @@ -378,11 +378,11 @@ if (sk != NULL) { Tcl_Obj *resultObj = NULL; if (!verbose) { - char *cp; + const char *cp; resultObj = Tcl_NewListObj(0, NULL); if (resultObj == NULL) { res = TCL_ERROR; goto done; } @@ -392,11 +392,11 @@ if (c == NULL) continue; /* cipher name or (NONE) */ cp = SSL_CIPHER_get_name(c); if (cp == NULL) break; - Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(cp, -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj((char *) cp, -1)); } } else { char buf[BUFSIZ]; resultObj = Tcl_NewStringObj("", 0); @@ -447,14 +447,13 @@ * None. * *------------------------------------------------------------------- */ int DigestInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) { - EVP_MD *md; + const EVP_MD *md; Tcl_Obj *resultObj, *listObj; unsigned long flags; - int res = TCL_OK; char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL); /* Get message digest */ md = EVP_get_digestbyname(name); Index: generic/tlsInt.h ================================================================== --- generic/tlsInt.h +++ generic/tlsInt.h @@ -177,11 +177,11 @@ SSL *ssl; /* Struct for SSL processing */ SSL_CTX *ctx; /* SSL Context */ BIO *bio; /* Struct for SSL processing */ BIO *p_bio; /* Parent BIO (that is layered on Tcl_Channel) */ - char *protos; /* List of supported protocols in protocol format */ + unsigned char *protos; /* List of supported protocols in protocol format */ unsigned int protos_len; /* Length of protos */ char *err; } State; @@ -192,11 +192,11 @@ #endif /* USE_TCL_STUBS */ /* * Forward declarations */ -Tcl_ChannelType *Tls_ChannelType(void); +const Tcl_ChannelType *Tls_ChannelType(void); Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags); Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); void Tls_Error(State *statePtr, char *msg); Index: generic/tlsKDF.c ================================================================== --- generic/tlsKDF.c +++ generic/tlsKDF.c @@ -79,17 +79,17 @@ return TCL_ERROR; } switch(fn) { case _opt_cipher: - if ((cipher = Util_GetCipher(interp, objv[idx], TRUE)) == NULL) { + if ((cipher = Util_GetCipher(interp, objv[idx], 1)) == NULL) { return TCL_ERROR; } break; case _opt_digest: case _opt_hash: - if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) { + if ((md = Util_GetDigest(interp, objv[idx], 1)) == NULL) { return TCL_ERROR; } break; case _opt_iter: if (Util_GetInt(interp, objv[idx], &iter, "iterations", 1, -1) != TCL_OK) { @@ -96,18 +96,18 @@ return TCL_ERROR; } break; case _opt_key: case _opt_password: - pass = Util_GetKey(interp, objv[idx], &pass_len, command_opts[fn], 0, FALSE); + pass = Util_GetKey(interp, objv[idx], &pass_len, (char *) command_opts[fn], 0, 0); break; case _opt_salt: GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len); break; case _opt_length: case _opt_size: - if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, buf_len) != TCL_OK) { + if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, buf_len) != TCL_OK) { return TCL_ERROR; } break; } } @@ -128,11 +128,11 @@ ivlen = EVP_CIPHER_iv_length(cipher); dk_len = iklen+ivlen; } /* Derive key */ - if (!PKCS5_PBKDF2_HMAC(pass, (int) pass_len, salt, (int) salt_len, iter, md, dk_len, tmpkeyiv)) { + if (!PKCS5_PBKDF2_HMAC((const char *) pass, (int) pass_len, salt, (int) salt_len, iter, md, dk_len, tmpkeyiv)) { Tcl_AppendResult(interp, "Key derivation failed: ", GET_ERR_REASON(), (char *) NULL); return TCL_ERROR; } /* Set result to key and iv */ @@ -204,30 +204,30 @@ } switch(fn) { case _opt_digest: case _opt_hash: - if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) { + if ((md = Util_GetDigest(interp, objv[idx], 1)) == NULL) { goto error; } break; case _opt_info: /* Max 1024/2048 */ GET_OPT_BYTE_ARRAY(objv[idx], info, &info_len); break; case _opt_key: case _opt_password: - if ((key = Util_GetKey(interp, objv[idx], &key_len, command_opts[fn], 0, 1)) == NULL) { + if ((key = Util_GetKey(interp, objv[idx], &key_len, (char *) command_opts[fn], 0, 1)) == NULL) { goto error; } break; case _opt_salt: GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len); break; case _opt_length: case _opt_size: - if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, 0) != TCL_OK) { + if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, 0) != TCL_OK) { goto error; } break; } } @@ -321,11 +321,11 @@ EVP_PKEY_CTX *pctx = NULL; unsigned char *salt = NULL, *pass = NULL, *out = NULL; Tcl_Size salt_len = 0, pass_len = 0; int dk_len = 64, res = TCL_OK; Tcl_Size fn; - uint64_t N = 0, p = 0, r = 0, maxmem = 0; + Tcl_WideInt N = 0, p = 0, r = 0, maxmem = 0; size_t out_len; Tcl_Obj *resultObj; (void) clientData; dprintf("Called"); @@ -361,11 +361,11 @@ case _opt_salt: GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len); break; case _opt_length: case _opt_size: - if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, 0) != TCL_OK) { + if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, 0) != TCL_OK) { goto error; } break; case _opt_N: case _opt_n: @@ -401,27 +401,27 @@ Tcl_AppendResult(interp, "Initialize failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } /* Set config parameters */ - if (EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, (int) pass_len) < 1) { + if (EVP_PKEY_CTX_set1_pbe_pass(pctx, (const char *) pass, (int) pass_len) < 1) { Tcl_AppendResult(interp, "Set key failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, (int) salt_len) < 1) { Tcl_AppendResult(interp, "Set salt failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } - if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, N) < 1) { + if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, (uint64_t) N) < 1) { Tcl_AppendResult(interp, "Set cost parameter (N) failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } - if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, r) < 1) { + if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, (uint64_t) r) < 1) { Tcl_AppendResult(interp, "Set lock size parameter (r) failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } - if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, p) < 1) { + if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, (uint64_t) p) < 1) { Tcl_AppendResult(interp, "Set Parallelization parameter (p) failed: ", GET_ERR_REASON(), (char *) NULL); goto error; } if (maxmem != 0 && EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem) < 1) { Tcl_AppendResult(interp, "Set max memory failed: ", GET_ERR_REASON(), (char *) NULL); Index: generic/tlsX509.c ================================================================== --- generic/tlsX509.c +++ generic/tlsX509.c @@ -60,11 +60,11 @@ if (listPtr == NULL) { return NULL; } - if (exts = X509_get0_extensions(cert)) { + if ((exts = X509_get0_extensions(cert)) != NULL) { for (int i=0; i < X509_get_ext_count(cert); i++) { X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i); ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); /* ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ex); */ int critical = X509_EXTENSION_get_critical(ex); @@ -75,20 +75,20 @@ } /* * Get Authority and Subject Key Identifiers */ -Tcl_Obj *Tls_x509Identifier(ASN1_OCTET_STRING *astring) { +Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) { Tcl_Obj *resultPtr = NULL; int len = 0; - char buffer[1024]; + unsigned char buffer[1024]; if (astring != NULL) { - len = String_to_Hex(ASN1_STRING_get0_data(astring), + len = String_to_Hex((unsigned char *) ASN1_STRING_get0_data(astring), ASN1_STRING_length(astring), buffer, 1024); } - resultPtr = Tcl_NewStringObj(buffer, (Tcl_Size) len); + resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len); return resultPtr; } /* * Get Key Usage @@ -201,15 +201,15 @@ if (listPtr == NULL) { return NULL; } - if (names = X509_get_ext_d2i(cert, nid, NULL, NULL)) { + if ((names = X509_get_ext_d2i(cert, nid, NULL, NULL)) != NULL) { for (int i=0; i < sk_GENERAL_NAME_num(names); i++) { const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i); - len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, name), bio, buffer, 1024); + len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, (GENERAL_NAME *) name), bio, buffer, 1024); LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len); } sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); } return listPtr; @@ -271,11 +271,11 @@ if (listPtr == NULL) { return NULL; } - if (crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) { + if ((crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) != NULL) { for (int i=0; i < sk_DIST_POINT_num(crl); i++) { DIST_POINT *dp = sk_DIST_POINT_value(crl, i); DIST_POINT_NAME *distpoint = dp->distpoint; if (distpoint->type == 0) { @@ -283,20 +283,20 @@ for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j); int type; ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type); if (type == GEN_URI) { - LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri)); + LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri)); } } } else if (distpoint->type == 1) { /* relative-name X509NAME */ STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename; for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) { X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j); ASN1_STRING *d = X509_NAME_ENTRY_get_data(e); - LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d)); + LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d)); } } } CRL_DIST_POINTS_free(crl); } @@ -312,11 +312,11 @@ if (listPtr == NULL) { return NULL; } - if (ocsp = X509_get1_ocsp(cert)) { + if ((ocsp = X509_get1_ocsp(cert)) != NULL) { for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) { LAPPEND_STR(interp, listPtr, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1); } X509_email_free(ocsp); } @@ -331,17 +331,17 @@ ACCESS_DESCRIPTION *ad; Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); unsigned char *buf; int len; - if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) { + if ((ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) != NULL) { for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) { ad = sk_ACCESS_DESCRIPTION_value(ads, i); if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) { if (ad->location->type == GEN_URI) { len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier); - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, (Tcl_Size) len)); + Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char *) buf, (Tcl_Size) len)); OPENSSL_free(buf); break; } } } @@ -373,10 +373,11 @@ Tcl_Obj* Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) { Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL); BIO *bio = BIO_new(BIO_s_mem()); int mdnid, pknid, bits, len; + unsigned int ulen; uint32_t xflags; char buffer[BUFSIZ]; unsigned char md[EVP_MAX_MD_SIZE]; unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; @@ -396,11 +397,11 @@ X509_get0_signature(&sig, &sig_alg, cert); /* sig_nid = X509_get_signature_nid(cert) */ sig_nid = OBJ_obj2nid(sig_alg->algorithm); LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1); - len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, buffer, BUFSIZ) : 0; + len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, (unsigned char *) buffer, BUFSIZ) : 0; LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len); } /* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */ LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1); @@ -431,19 +432,19 @@ the subject public key field. RFC 5280 section 4.1.2.6 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len); /* SHA1 Digest (Fingerprint) of cert - DER representation */ - if (X509_digest(cert, EVP_sha1(), md, &len)) { - len = String_to_Hex(md, len, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) len); + if (X509_digest(cert, EVP_sha1(), md, &ulen)) { + len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); + LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen); } /* SHA256 Digest (Fingerprint) of cert - DER representation */ - if (X509_digest(cert, EVP_sha256(), md, &len)) { - len = String_to_Hex(md, len, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) len); + if (X509_digest(cert, EVP_sha256(), md, &ulen)) { + len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); + LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen); } /* Subject Public Key Info specifies the public key and identifies the algorithm with which the key is used. RFC 5280 section 4.1.2.7 */ if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) { @@ -453,23 +454,23 @@ LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1); LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1); LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */ key = X509_get0_pubkey_bitstr(cert); - len = String_to_Hex(key->data, key->length, buffer, BUFSIZ); + len = String_to_Hex(key->data, key->length, (unsigned char *) buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len); len = 0; if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) { - len = String_to_Hex(md, (int)n, buffer, BUFSIZ); + len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ); } LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len); /* digest of the DER representation of the certificate */ len = 0; if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) { - len = String_to_Hex(md, (int)n, buffer, BUFSIZ); + len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ); } LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len); } /* Certificate Purpose. Call before checking for extensions. */ @@ -493,18 +494,18 @@ const ASN1_BIT_STRING *iuid, *suid; X509_get0_uids(cert, &iuid, &suid); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1)); if (iuid != NULL) { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, (Tcl_Size) iuid->length)); + Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1)); if (suid != NULL) { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, (Tcl_Size) suid->length)); + Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } } @@ -586,12 +587,14 @@ /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ { len = 0; - char *string = X509_alias_get0(cert, &len); - LAPPEND_STR(interp, certPtr, "alias", string, (Tcl_Size) len); + unsigned char *string = X509_alias_get0(cert, &len); + LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len); + string = X509_keyid_get0 (cert, &len); + LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len); } /* Certificate and dump all data */ { char certStr[CERT_STR_SIZE]; Index: tests/badssl.csv ================================================================== --- tests/badssl.csv +++ tests/badssl.csv @@ -3,11 +3,11 @@ ,,,,,,,,,, command,# Find default CA certificates directory,,,,,,,,, command,if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]},,,,,,,,, ,,,,,,,,,, command,# Constraints,,,,,,,,, -command,source common.tcl,,,,,,,,, +command,source [file join [file dirname [info script]] common.tcl],,,,,,,,, ,,,,,,,,,, command,# Helper functions,,,,,,,,, command,"proc badssl {url} {set port 443;lassign [split $url "":""] url port;if {$port eq """"} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}",,,,,,,,, ,,,,,,,,,, command,# BadSSL.com Tests,,,,,,,,, Index: tests/badssl.test ================================================================== --- tests/badssl.test +++ tests/badssl.test @@ -12,11 +12,11 @@ # Find default CA certificates directory if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]} # Constraints -source common.tcl +source [file join [file dirname [info script]] common.tcl] # Helper functions proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}} # BadSSL.com Tests Index: tests/digest.csv ================================================================== --- tests/digest.csv +++ tests/digest.csv @@ -1,10 +1,10 @@ # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes command,package require tls,,,,,,,,, ,,,,,,,,,, command,# Constraints,,,,,,,,, -command,source common.tcl,,,,,,,,, +command,::tcltest::testConstraint md4 [expr {"md4" in [::tls::digests]}],,,,,,,,, ,,,,,,,,,, command,# Helper functions - See common.tcl,,,,,,,,, command,proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md},,,,,,,,, command,proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md},,,,,,,,, command,proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,, @@ -14,62 +14,62 @@ command,"set test_alt_file ""md_alt_data.dat""",,,,,,,,, command,"set test_key ""Example key""",,,,,,,,, command,::tcltest::makeFile $test_data $test_file,,,,,,,,, ,,,,,,,,,, command,# Test short-cut commands,,,,,,,,, -Shortcut Cmds,md4 cmd,,,::tls::md4 $test_data,,,793399f792eca2752c6af3234ba70858,,, +Shortcut Cmds,md4 cmd,md4,,::tls::md4 $test_data,,,793399f792eca2752c6af3234ba70858,,, Shortcut Cmds,md5 cmd,,,::tls::md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,, Shortcut Cmds,sha1 cmd,,,::tls::sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, Shortcut Cmds,sha256 cmd,,,::tls::sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, Shortcut Cmds,sha512 cmd,,,::tls::sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, ,,,,,,,,,, ,,,,,,,,,, command,# Test MD command for read channel,,,,,,,,, -MD Chan Read,md4,,,digest_read_chan ::tls::md $test_file -digest md4,,,793399f792eca2752c6af3234ba70858,,, +MD Chan Read,md4,md4,,digest_read_chan ::tls::md $test_file -digest md4,,,793399f792eca2752c6af3234ba70858,,, MD Chan Read,md5,,,digest_read_chan ::tls::md $test_file -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,, MD Chan Read,sha1,,,digest_read_chan ::tls::md $test_file -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD Chan Read,sha256,,,digest_read_chan ::tls::md $test_file -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD Chan Read,sha512,,,digest_read_chan ::tls::md $test_file -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, MD Chan Read,md5 bin,,,binary encode hex [digest_read_chan ::tls::md $test_file -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,, MD Chan Read,md5 hex,,,digest_read_chan ::tls::md $test_file -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,, ,,,,,,,,,, command,# Test MD command for write channel,,,,,,,,, -MD Chan Write,md4,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md4,,,793399f792eca2752c6af3234ba70858,,, +MD Chan Write,md4,md4,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md4,,,793399f792eca2752c6af3234ba70858,,, MD Chan Write,md5,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,, MD Chan Write,sha1,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD Chan Write,sha256,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD Chan Write,sha512,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, MD Chan Write,md5 bin,,,binary encode hex [digest_write_chan ::tls::md $test_alt_file $test_data -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,, MD Chan Write,md5 hex,,,digest_write_chan ::tls::md $test_alt_file $test_data -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,, ,,,,,,,,,, command,# Test MD command for object command,,,,,,,,, -MD Command,md4,,,digest_accumulate $test_data ::tls::md -digest md4,,,793399f792eca2752c6af3234ba70858,,, +MD Command,md4,md4,,digest_accumulate $test_data ::tls::md -digest md4,,,793399f792eca2752c6af3234ba70858,,, MD Command,md5,,,digest_accumulate $test_data ::tls::md -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,, MD Command,sha1,,,digest_accumulate $test_data ::tls::md -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD Command,sha256,,,digest_accumulate $test_data ::tls::md -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD Command,sha512,,,digest_accumulate $test_data ::tls::md -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, MD Command,md5 bin,,,binary encode hex [digest_accumulate $test_data ::tls::md -digest md5 -bin],,,962bf0803b4232ec23bd8427bb94ea09,,, MD Command,md5 hex,,,digest_accumulate $test_data ::tls::md -digest md5 -hex,,,962bf0803b4232ec23bd8427bb94ea09,,, ,,,,,,,,,, command,# Test MD command for data shortcut,,,,,,,,, -MD Shortcut,md4,,,::tls::md md4 $test_data,,,793399f792eca2752c6af3234ba70858,,, +MD Shortcut,md4,md4,,::tls::md md4 $test_data,,,793399f792eca2752c6af3234ba70858,,, MD Shortcut,md5,,,::tls::md md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,, MD Shortcut,sha1,,,::tls::md sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD Shortcut,sha256,,,::tls::md sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD Shortcut,sha512,,,::tls::md sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, ,,,,,,,,,, command,# Test MD command for data,,,,,,,,, -MD Data,md4,,,::tls::md -digest md4 -data $test_data,,,793399f792eca2752c6af3234ba70858,,, +MD Data,md4,md4,,::tls::md -digest md4 -data $test_data,,,793399f792eca2752c6af3234ba70858,,, MD Data,md5,,,::tls::md -digest md5 -data $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,, MD Data,sha1,,,::tls::md -digest sha1 -data $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD Data,sha256,,,::tls::md -digest sha256 -data $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD Data,sha512,,,::tls::md -digest sha512 -data $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, MD Data,md5 bin,,,binary encode hex [::tls::md -digest md5 -data $test_data -bin],,,962bf0803b4232ec23bd8427bb94ea09,,, MD Data,md5 hex,,,::tls::md -digest md5 -data $test_data -hex,,,962bf0803b4232ec23bd8427bb94ea09,,, ,,,,,,,,,, command,# Test MD command for file,,,,,,,,, -MD File,md4,,,::tls::md -digest md4 -file $test_file,,,793399f792eca2752c6af3234ba70858,,, +MD File,md4,md4,,::tls::md -digest md4 -file $test_file,,,793399f792eca2752c6af3234ba70858,,, MD File,md5,,,::tls::md -digest md5 -file $test_file,,,962bf0803b4232ec23bd8427bb94ea09,,, MD File,sha1,,,::tls::md -digest sha1 -file $test_file,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,, MD File,sha256,,,::tls::md -digest sha256 -file $test_file,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,, MD File,sha512,,,::tls::md -digest sha512 -file $test_file,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,, MD File,md5 bin,,,binary encode hex [::tls::md -digest md5 -file $test_file -bin],,,962bf0803b4232ec23bd8427bb94ea09,,, Index: tests/digest.test ================================================================== --- tests/digest.test +++ tests/digest.test @@ -9,11 +9,11 @@ set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path] package require tls # Constraints -source common.tcl +::tcltest::testConstraint md4 [expr {"md4" in [::tls::digests]}] # Helper functions - See common.tcl proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md} proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md} proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]} @@ -25,11 +25,11 @@ ::tcltest::makeFile $test_data $test_file # Test short-cut commands -test Shortcut_Cmds-1.1 {md4 cmd} -body { +test Shortcut_Cmds-1.1 {md4 cmd} -constraints {md4} -body { ::tls::md4 $test_data } -result {793399f792eca2752c6af3234ba70858} test Shortcut_Cmds-1.2 {md5 cmd} -body { ::tls::md5 $test_data @@ -49,11 +49,11 @@ # Test MD command for read channel -test MD_Chan_Read-2.1 {md4} -body { +test MD_Chan_Read-2.1 {md4} -constraints {md4} -body { digest_read_chan ::tls::md $test_file -digest md4 } -result {793399f792eca2752c6af3234ba70858} test MD_Chan_Read-2.2 {md5} -body { digest_read_chan ::tls::md $test_file -digest md5 @@ -80,11 +80,11 @@ } -result {962bf0803b4232ec23bd8427bb94ea09} # Test MD command for write channel -test MD_Chan_Write-3.1 {md4} -body { +test MD_Chan_Write-3.1 {md4} -constraints {md4} -body { digest_write_chan ::tls::md $test_alt_file $test_data -digest md4 } -result {793399f792eca2752c6af3234ba70858} test MD_Chan_Write-3.2 {md5} -body { digest_write_chan ::tls::md $test_alt_file $test_data -digest md5 @@ -111,11 +111,11 @@ } -result {962bf0803b4232ec23bd8427bb94ea09} # Test MD command for object command -test MD_Command-4.1 {md4} -body { +test MD_Command-4.1 {md4} -constraints {md4} -body { digest_accumulate $test_data ::tls::md -digest md4 } -result {793399f792eca2752c6af3234ba70858} test MD_Command-4.2 {md5} -body { digest_accumulate $test_data ::tls::md -digest md5 @@ -142,11 +142,11 @@ } -result {962bf0803b4232ec23bd8427bb94ea09} # Test MD command for data shortcut -test MD_Shortcut-5.1 {md4} -body { +test MD_Shortcut-5.1 {md4} -constraints {md4} -body { ::tls::md md4 $test_data } -result {793399f792eca2752c6af3234ba70858} test MD_Shortcut-5.2 {md5} -body { ::tls::md md5 $test_data @@ -165,11 +165,11 @@ } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1} # Test MD command for data -test MD_Data-6.1 {md4} -body { +test MD_Data-6.1 {md4} -constraints {md4} -body { ::tls::md -digest md4 -data $test_data } -result {793399f792eca2752c6af3234ba70858} test MD_Data-6.2 {md5} -body { ::tls::md -digest md5 -data $test_data @@ -196,11 +196,11 @@ } -result {962bf0803b4232ec23bd8427bb94ea09} # Test MD command for file -test MD_File-7.1 {md4} -body { +test MD_File-7.1 {md4} -constraints {md4} -body { ::tls::md -digest md4 -file $test_file } -result {793399f792eca2752c6af3234ba70858} test MD_File-7.2 {md5} -body { ::tls::md -digest md5 -file $test_file Index: tests/encrypt.csv ================================================================== --- tests/encrypt.csv +++ tests/encrypt.csv @@ -1,11 +1,8 @@ # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes command,package require tls,,,,,,,,, ,,,,,,,,,, -command,# Constraints,,,,,,,,, -command,source common.tcl,,,,,,,,, -,,,,,,,,,, command,# Helper functions - See common.tcl,,,,,,,,, command,"proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat """";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat}",,,,,,,,, command,proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat},,,,,,,,, command,"proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat """";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]}",$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,, command,proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]},,,,,,,,, Index: tests/encrypt.test ================================================================== --- tests/encrypt.test +++ tests/encrypt.test @@ -8,13 +8,10 @@ set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path] package require tls -# Constraints -source common.tcl - # Helper functions - See common.tcl proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat "";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat} proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat} proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat "";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]} proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]} Index: tests/info.csv ================================================================== --- tests/info.csv +++ tests/info.csv @@ -3,11 +3,11 @@ ,,,,,,,,,, command,# Make sure path includes location of OpenSSL executable,,,,,,,,, command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)]}",,,,,,,,, ,,,,,,,,,, command,# Constraints,,,,,,,,, -command,source common.tcl,,,,,,,,, +command,source [file join [file dirname [info script]] common.tcl],,,,,,,,, ,,,,,,,,,, command,# Helper functions,,,,,,,,, command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,, command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,, command,"proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data ""\n""] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}",,,,,,,,, Index: tests/info.test ================================================================== --- tests/info.test +++ tests/info.test @@ -12,11 +12,11 @@ # Make sure path includes location of OpenSSL executable if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)]} # Constraints -source common.tcl +source [file join [file dirname [info script]] common.tcl] # Helper functions proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]} proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]} proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data "\n"] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}