Changes On Branch 2ed4afb942bd4c37

Changes In Branch openssl-1.1 Through [2ed4afb942] Excluding Merge-Ins

This is equivalent to a diff from 0409513536 to 2ed4afb942

2016-12-08
07:37
Integrated OpenSSL 1.1 patches check-in: a23ed6f309 user: rkeene tags: trunk
07:32
Do not try to set memory functions -- prototype is broken in newer version and older versions have bugs related to it check-in: bbe273b3dc user: rkeene tags: openssl-1.1
07:25
Whitspace formatting changes check-in: 2ed4afb942 user: rkeene tags: openssl-1.1
07:08
Updated fallback DH params for OpenSSL, supporting OpenSSL 1.1 and older versions check-in: bc2460fc22 user: rkeene tags: openssl-1.1
06:33
Create new branch named "openssl-1.1" check-in: 6a78084630 user: rkeene tags: openssl-1.1
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
04:24
Updated to remove comment from rendered HTML in documentation check-in: ea2c60a999 user: rkeene tags: tls-1-7
2016-11-22
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk

115
116
117
118
119
120
121

122
123
124
125

126



127
128
129
130
131
132
133
134
135
	CPPFLAGS="${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"

	dnl Verify that basic functionality is there
	AC_LANG_PUSH(C)
	AC_MSG_CHECKING([if a basic OpenSSL program works])
	AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
		], [

  (void)SSL_library_init();



  SSL_load_error_strings();
  OPENSSL_config(NULL);
		])], [
		AC_MSG_RESULT([yes])
	], [
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
	])
	AC_LANG_POP([C])







>




>
|
>
>
>

<







115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

133
134
135
136
137
138
139
	CPPFLAGS="${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"

	dnl Verify that basic functionality is there
	AC_LANG_PUSH(C)
	AC_MSG_CHECKING([if a basic OpenSSL program works])
	AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#include <openssl/opensslv.h>
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
		], [
#if OPENSSL_VERSION_NUMBER < 0x10100000L
  SSL_library_init();
#else
  OPENSSL_init_ssl(0, NULL);
#endif
  SSL_load_error_strings();

		])], [
		AC_MSG_RESULT([yes])
	], [
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
	])
	AC_LANG_POP([C])
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
	fi

	return 1
}

gen_dh_params_fallback() {
	cat << \_EOF_
DH *get_dh2048()
	{
	static unsigned char dh2048_p[]={
		0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
		0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86,
		0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF,
		0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84,
		0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D,
		0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98,
		0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1,







|
<
|







33
34
35
36
37
38
39
40

41
42
43
44
45
46
47
48
	fi

	return 1
}

gen_dh_params_fallback() {
	cat << \_EOF_
DH *get_dh2048(void) {

	static unsigned char dhp_2048[] = {
		0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
		0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86,
		0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF,
		0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84,
		0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D,
		0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98,
		0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1,
58
59
60
61
62
63
64
65
66
67
68

69

70
71


72


73



74







75


76
77
78
79
80
81
82
83
84
		0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06,
		0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E,
		0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B,
		0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62,
		0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62,
		0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69,
		0xF4,0x54,0xB5,0x5B,
		};
	static unsigned char dh2048_g[]={
		0x02,
		};

	DH *dh;


	if ((dh=DH_new()) == NULL) return(NULL);


	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);


	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);



	if ((dh->p == NULL) || (dh->g == NULL))







		{ DH_free(dh); return(NULL); }


	return(dh);
	}
_EOF_
}

# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
	gen_dh_params_fallback && exit 0








|
|

|
>
|
>

|
>
>
|
>
>
|
>
>
>
|
>
>
>
>
>
>
>
|
>
>

|







57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
		0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06,
		0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E,
		0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B,
		0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62,
		0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62,
		0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69,
		0xF4,0x54,0xB5,0x5B,
	};
	static unsigned char dhg_2048[] = {
		0x02,
	};

	DH *dh = DH_new();;
	BIGNUM *dhp_bn, *dhg_bn;

	if (dh == NULL) {
		return NULL;
	}

	dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
	dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
	dh->p = dhp_bn;
	dh->g = dhg_bn;

	if (dhp_bn == NULL || dhg_bn == NULL) {
#else
	if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
#endif
		DH_free(dh);
		BN_free(dhp_bn);
		BN_free(dhg_bn);
		return(NULL);
	}

	return(dh);
}
_EOF_
}

# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
	gen_dh_params_fallback && exit 0

Modified tls.c from [9b5d593b52] to [1ee30f1327].
119
120
121
122
123
124
125



126
127
128
129
130
131
132
#include <openssl/crypto.h>

/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */




static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
static Tcl_Mutex init_mx;

static void          CryptoThreadLockCallback (int mode, int n, const char *file, int line);
static unsigned long CryptoThreadIdCallback   (void);

static void







>
>
>







119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#include <openssl/crypto.h>

/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */

#ifndef CRYPTO_NUM_LOCKS
#define CRYPTO_NUM_LOCKS 128
#endif
static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
static Tcl_Mutex init_mx;

static void          CryptoThreadLockCallback (int mode, int n, const char *file, int line);
static unsigned long CryptoThreadIdCallback   (void);

static void
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
 */
static int
VerifyCallback(int ok, X509_STORE_CTX *ctx)
{
    Tcl_Obj *cmdPtr, *result;
    char *errStr, *string;
    int length;
    SSL   *ssl		= (SSL*)X509_STORE_CTX_get_app_data(ctx);
    X509  *cert		= X509_STORE_CTX_get_current_cert(ctx);
    State *statePtr	= (State*)SSL_get_app_data(ssl);
    int depth		= X509_STORE_CTX_get_error_depth(ctx);
    int err		= X509_STORE_CTX_get_error(ctx);

    dprintf("Verify: %d", ok);








|







263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
 */
static int
VerifyCallback(int ok, X509_STORE_CTX *ctx)
{
    Tcl_Obj *cmdPtr, *result;
    char *errStr, *string;
    int length;
    SSL   *ssl		= (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
    X509  *cert		= X509_STORE_CTX_get_current_cert(ctx);
    State *statePtr	= (State*)SSL_get_app_data(ssl);
    int depth		= X509_STORE_CTX_get_error_depth(ctx);
    int err		= X509_STORE_CTX_get_error(ctx);

    dprintf("Verify: %d", ok);

1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808

1809
1810
 *
 *------------------------------------------------------*
 */
static int TlsLibInit (void) {
    static int initialized = 0;
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
    int status=TCL_OK;

    if (initialized) {
        return status;
    }
    initialized = 1;

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;

    Tcl_MutexLock(&init_mx);
#endif

	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
					 (void *(*)(void *, size_t))Tcl_Realloc,
					 (void(*)(void *))Tcl_Free) == 0) {
	       /* Not using Tcl's mem functions ... not critical */
	    }

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
	    /* should we consider allocating mutexes? */
	    num_locks = CRYPTO_num_locks();
	    if (num_locks > CRYPTO_NUM_LOCKS) {
		status=TCL_ERROR;
		goto done;
	    }

	    CRYPTO_set_locking_callback(CryptoThreadLockCallback);
	    CRYPTO_set_id_callback(CryptoThreadIdCallback);
#endif

	    if (SSL_library_init() != 1) {
	    	status=TCL_ERROR;
		goto done;
	    }
	    SSL_load_error_strings();
	    ERR_load_crypto_strings();

	    /*
	     * Seed the random number generator in the SSL library,
	     * using the do/while construct because of the bug note in the
	     * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
	     *
	     * The crux of the problem is that Solaris 7 does not have a 
	     * /dev/random or /dev/urandom device so it cannot gather enough
	     * entropy from the RAND_seed() when TLS initializes and refuses
	     * to go further. Earlier versions of OpenSSL carried on regardless.
	     */
	    srand((unsigned int) time((time_t *) NULL));
	    do {
		for (i = 0; i < 16; i++) {
		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
		}
		RAND_seed(rnd_seed, sizeof(rnd_seed));
	    } while (RAND_status() != 1);
done:

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
	Tcl_MutexUnlock(&init_mx);
#endif

    return status;
}







|


|









|
|
|
|
|


|
|
|
|
|
|

|
|


|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|



|

>


1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
 *
 *------------------------------------------------------*
 */
static int TlsLibInit (void) {
    static int initialized = 0;
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
    int status = TCL_OK;

    if (initialized) {
        return(status);
    }
    initialized = 1;

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;

    Tcl_MutexLock(&init_mx);
#endif

    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
				 (void *(*)(void *, size_t))Tcl_Realloc,
				 (void(*)(void *))Tcl_Free) == 0) {
       /* Not using Tcl's mem functions ... not critical */
    }

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    /* should we consider allocating mutexes? */
    num_locks = CRYPTO_num_locks();
    if (num_locks > CRYPTO_NUM_LOCKS) {
	status = TCL_ERROR;
	goto done;
    }

    CRYPTO_set_locking_callback(CryptoThreadLockCallback);
    CRYPTO_set_id_callback(CryptoThreadIdCallback);
#endif

    if (SSL_library_init() != 1) {
    	status = TCL_ERROR;
	goto done;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library,
     * using the do/while construct because of the bug note in the
     * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
     *
     * The crux of the problem is that Solaris 7 does not have a 
     * /dev/random or /dev/urandom device so it cannot gather enough
     * entropy from the RAND_seed() when TLS initializes and refuses
     * to go further. Earlier versions of OpenSSL carried on regardless.
     */
    srand((unsigned int) time((time_t *) NULL));
    do {
	for (i = 0; i < 16; i++) {
	    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
	}
	RAND_seed(rnd_seed, sizeof(rnd_seed));
    } while (RAND_status() != 1);
done:

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    Tcl_MutexUnlock(&init_mx);
#endif

    return status;
}
Modified tlsBIO.c from [540c0ab883] to [936355d12f].
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34
35
36

37
38

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

BIO *
BIO_new_tcl(statePtr, flags)
    State *statePtr;
    int flags;
{
    BIO *bio;
    static BIO_METHOD BioMethods = {
        .type = BIO_TYPE_TCL,

	.name = "tcl",
        .bwrite = BioWrite,
        .bread = BioRead,
        .bputs = BioPuts,
        .ctrl = BioCtrl,
        .create = BioNew,
        .destroy = BioFree,
    };


    bio			= BIO_new(&BioMethods);
    bio->ptr		= (char*)statePtr;

    bio->init		= 1;
    bio->shutdown	= flags;

    return bio;
}

static int
BioWrite (bio, buf, bufLen)
    BIO *bio;
    CONST char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)(bio->ptr));
    int ret;

    dprintf("BioWrite(%p, <buf>, %d) [%p]",
	    (void *) bio, bufLen, (void *) chan);

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	ret = Tcl_WriteRaw(chan, buf, bufLen);







|
|
>
|
|
|
|
|
|
|
<
|
>
|
|
>
|
|










|







19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

BIO *
BIO_new_tcl(statePtr, flags)
    State *statePtr;
    int flags;
{
    BIO *bio;
    static BIO_METHOD *BioMethods = NULL;

    if (BioMethods == NULL) {
        BioMethods = BIO_meth_new(BIO_TYPE_TCL, "tcl");
        BIO_meth_set_write(BioMethods, BioWrite);
        BIO_meth_set_read(BioMethods, BioRead);
        BIO_meth_set_puts(BioMethods, BioPuts);
        BIO_meth_set_ctrl(BioMethods, BioCtrl);
        BIO_meth_set_create(BioMethods, BioNew);
        BIO_meth_set_destroy(BioMethods, BioFree);

    }

    bio = BIO_new(BioMethods);

    BIO_set_data(bio, statePtr);
    BIO_set_init(bio, 1);
    BIO_set_shutdown(bio, flags);

    return bio;
}

static int
BioWrite (bio, buf, bufLen)
    BIO *bio;
    CONST char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio));
    int ret;

    dprintf("BioWrite(%p, <buf>, %d) [%p]",
	    (void *) bio, bufLen, (void *) chan);

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	ret = Tcl_WriteRaw(chan, buf, bufLen);
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

static int
BioRead (bio, buf, bufLen)
    BIO *bio;
    char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
    int ret = 0;
    int tclEofChan;

    dprintf("BioRead(%p, <buf>, %d) [%p]", (void *) bio, bufLen, (void *) chan);

    if (buf == NULL) return 0;








|







81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

static int
BioRead (bio, buf, bufLen)
    BIO *bio;
    char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio));
    int ret = 0;
    int tclEofChan;

    dprintf("BioRead(%p, <buf>, %d) [%p]", (void *) bio, bufLen, (void *) chan);

    if (buf == NULL) return 0;

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
static long
BioCtrl	(bio, cmd, num, ptr)
    BIO *bio;
    int cmd;
    long num;
    void *ptr;
{
    Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
    long ret = 1;
    int *ip;

    dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)",
	    (void *) bio, (unsigned int) cmd, (unsigned int) num,
	    (void *) ptr);

    switch (cmd) {
    case BIO_CTRL_RESET:
	num = 0;
    case BIO_C_FILE_SEEK:
    case BIO_C_FILE_TELL:
	ret = 0;
	break;
    case BIO_CTRL_INFO:
	ret = 1;
	break;
    case BIO_C_SET_FD:
	BioFree(bio);
	/* Sets State* */
	bio->ptr	= *((char **)ptr);
	bio->shutdown	= (int)num;
	bio->init	= 1;
	break;
    case BIO_C_GET_FD:
	if (bio->init) {
	    ip = (int *)ptr;
	    if (ip != NULL) {
		*ip = bio->num;
	    }
	    ret = bio->num;
	} else {
	    ret = -1;
	}
	break;
    case BIO_CTRL_GET_CLOSE:
	ret = bio->shutdown;
	break;
    case BIO_CTRL_SET_CLOSE:
	bio->shutdown = (int)num;
	break;
    case BIO_CTRL_EOF:
	dprintf("BIO_CTRL_EOF");
	ret = Tcl_Eof(chan);
	break;
    case BIO_CTRL_PENDING:
	ret = (Tcl_InputBuffered(chan) ? 1 : 0);







|

<
















|
<
<
<
|
|

<
|
<
<
<
<
<
|
<
|

|


|







137
138
139
140
141
142
143
144
145

146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162



163
164
165

166





167

168
169
170
171
172
173
174
175
176
177
178
179
180
static long
BioCtrl	(bio, cmd, num, ptr)
    BIO *bio;
    int cmd;
    long num;
    void *ptr;
{
    Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio));
    long ret = 1;


    dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)",
	    (void *) bio, (unsigned int) cmd, (unsigned int) num,
	    (void *) ptr);

    switch (cmd) {
    case BIO_CTRL_RESET:
	num = 0;
    case BIO_C_FILE_SEEK:
    case BIO_C_FILE_TELL:
	ret = 0;
	break;
    case BIO_CTRL_INFO:
	ret = 1;
	break;
    case BIO_C_SET_FD:
        dprintf("Unsupported call: BIO_C_SET_FD");



        ret = -1;
        break;
    case BIO_C_GET_FD:

        dprintf("Unsupported call: BIO_C_GET_FD");





        ret = -1;

        break;
    case BIO_CTRL_GET_CLOSE:
	ret = BIO_get_shutdown(bio);
	break;
    case BIO_CTRL_SET_CLOSE:
	BIO_set_shutdown(bio, num);
	break;
    case BIO_CTRL_EOF:
	dprintf("BIO_CTRL_EOF");
	ret = Tcl_Eof(chan);
	break;
    case BIO_CTRL_PENDING:
	ret = (Tcl_InputBuffered(chan) ? 1 : 0);
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
    return(ret);
}

static int
BioNew	(bio)
    BIO *bio;
{
    bio->init	= 0;
    bio->num	= 0;
    bio->ptr	= NULL;
    bio->flags	= 0;

    return 1;
}

static int
BioFree	(bio)
    BIO *bio;
{
    if (bio == NULL) {
	return 0;
    }

    if (bio->shutdown) {
	if (bio->init) {
	    /*shutdown(bio->num, 2) */
	    /*closesocket(bio->num) */
	}
	bio->init	= 0;
	bio->flags	= 0;
	bio->num	= 0;
    }
    return 1;
}







|
<
|
|











|
<
|



|
|
<



200
201
202
203
204
205
206
207

208
209
210
211
212
213
214
215
216
217
218
219
220
221

222
223
224
225
226
227

228
229
230
    return(ret);
}

static int
BioNew	(bio)
    BIO *bio;
{
    BIO_set_init(bio, 0);

    BIO_set_data(bio, NULL);
    BIO_clear_flags(bio, -1);

    return 1;
}

static int
BioFree	(bio)
    BIO *bio;
{
    if (bio == NULL) {
	return 0;
    }
    if (BIO_get_shutdown(bio)) {

	if (BIO_get_init(bio)) {
	    /*shutdown(bio->num, 2) */
	    /*closesocket(bio->num) */
	}
        BIO_set_init(bio, 0);
        BIO_clear_flags(bio, -1);

    }
    return 1;
}
Modified tlsInt.h from [65f97677c5] to [c265b67309].
257
258
259
260
261
262
263





















264
265
void		Tls_Error _ANSI_ARGS_ ((State *statePtr, char *msg));
void		Tls_Free _ANSI_ARGS_ ((char *blockPtr));
void		Tls_Clean _ANSI_ARGS_ ((State *statePtr));
int		Tls_WaitForConnect _ANSI_ARGS_(( State *statePtr,
							int *errorCodePtr));

BIO *		BIO_new_tcl _ANSI_ARGS_((State* statePtr, int flags));






















#endif /* _TLSINT_H */







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
void		Tls_Error _ANSI_ARGS_ ((State *statePtr, char *msg));
void		Tls_Free _ANSI_ARGS_ ((char *blockPtr));
void		Tls_Clean _ANSI_ARGS_ ((State *statePtr));
int		Tls_WaitForConnect _ANSI_ARGS_(( State *statePtr,
							int *errorCodePtr));

BIO *		BIO_new_tcl _ANSI_ARGS_((State* statePtr, int flags));

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define BIO_get_data(bio)                ((bio)->ptr)
#define BIO_get_init(bio)                ((bio)->init)
#define BIO_get_shutdown(bio)            ((bio)->shutdown)
#define BIO_set_data(bio, val)           (bio)->ptr = (val)
#define BIO_set_init(bio, val)           (bio)->init = (val)
#define BIO_set_shutdown(bio, val)       (bio)->shutdown = (val)

/* XXX: This assumes the variable being assigned to is BioMethods */
#define BIO_meth_new(type_, name_)       (BIO_METHOD *)Tcl_Alloc(sizeof(BIO_METHOD)); \
                                         memset(BioMethods, 0, sizeof(BIO_METHOD)); \
                                         BioMethods->type = type_; \
                                         BioMethods->name = name_;
#define BIO_meth_set_write(bio, val)     (bio)->bwrite = val;
#define BIO_meth_set_read(bio, val)      (bio)->bread = val;
#define BIO_meth_set_puts(bio, val)      (bio)->bputs = val;
#define BIO_meth_set_ctrl(bio, val)      (bio)->ctrl = val;
#define BIO_meth_set_create(bio, val)    (bio)->create = val;
#define BIO_meth_set_destroy(bio, val)   (bio)->destroy = val;
#endif

#endif /* _TLSINT_H */
Modified tlsX509.c from [a24085972c] to [9fff18dbef].
97
98
99
100
101
102
103
104

105


106
107
108
109
110
111
112
    char issuer[BUFSIZ];
    char serial[BUFSIZ];
    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];
    char certStr[BUFSIZ];
#ifndef NO_SSL_SHA
    int shai;
    char sha_hash[SHA_DIGEST_LENGTH*2];

    const char *shachars="0123456789ABCDEF";


#endif

    certStr[0] = 0;
    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
	subject[0] = 0;
	issuer[0]  = 0;
	serial[0]  = 0;







|
>

>
>







97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
    char issuer[BUFSIZ];
    char serial[BUFSIZ];
    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];
    char certStr[BUFSIZ];
#ifndef NO_SSL_SHA
    int shai;
    char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
    unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
    const char *shachars="0123456789ABCDEF";

    sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
#endif

    certStr[0] = 0;
    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
	subject[0] = 0;
	issuer[0]  = 0;
	serial[0]  = 0;
142
143
144
145
146
147
148

149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
	BIO_free(bio);
    }

    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));

#ifndef NO_SSL_SHA

    for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
    {
        sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >> 4];
        sha_hash[shai * 2 + 1]=shachars[(cert->sha1_hash[shai] & 0x0F)];
    }
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "sha1_hash", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( sha_hash, SHA_DIGEST_LENGTH*2) );

#endif
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "subject", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( subject, -1) );








>
|
<
|
|

|
<
|
<







145
146
147
148
149
150
151
152
153

154
155
156
157

158

159
160
161
162
163
164
165
	BIO_free(bio);
    }

    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));

#ifndef NO_SSL_SHA
    X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
    for (shai = 0; shai < SHA_DIGEST_LENGTH; shai++) {

        sha_hash_ascii[shai * 2]     = shachars[(sha_hash_binary[shai] & 0xF0) >> 4];
        sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
    }
    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) );

    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) );


#endif
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "subject", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( subject, -1) );