Changes In Branch crypto Through [8440f589be] Excluding Merge-Ins
This is equivalent to a diff from 6287936460 to 8440f589be
2024-02-24
| ||
03:57 | Merged in changes from master check-in: 603eb0c0ba user: bohagan tags: crypto | |
2024-02-23
| ||
23:45 | Documentation corrections and updates check-in: 4935443e89 user: bohagan tags: trunk | |
2024-02-11
| ||
21:24 | Updated test cases for OpenSSL 3.0. Added load legacy provider for obsolete algorithms. check-in: 8440f589be user: bohagan tags: crypto | |
20:51 | Merged changes from master. check-in: 45be9618dc user: bohagan tags: crypto | |
02:16 | Corrected memory leaks in use of dynamic strings check-in: 6287936460 user: bohagan tags: trunk | |
2024-02-10
| ||
22:55 | Added examples to doc check-in: c8af0f28b0 user: bohagan tags: trunk | |
Modified configure
from [3a830b9e57]
to [db3c76f46d].
︙ | ︙ | |||
5383 5384 5385 5386 5387 5388 5389 | # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS # and PKG_TCL_SOURCES. #----------------------------------------------------------------------- | | | 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 | # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS # and PKG_TCL_SOURCES. #----------------------------------------------------------------------- vars="tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKDF.c tlsRand.c tlsUtil.c tlsX509.c" for i in $vars; do case $i in \$*) # allow $-var names PKG_SOURCES="$PKG_SOURCES $i" PKG_OBJECTS="$PKG_OBJECTS $i" ;; |
︙ | ︙ |
Modified configure.ac
from [d5f3ebd9b3]
to [1108be8f97].
︙ | ︙ | |||
67 68 69 70 71 72 73 | # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS # and PKG_TCL_SOURCES. #----------------------------------------------------------------------- | | | 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS # and PKG_TCL_SOURCES. #----------------------------------------------------------------------- TEA_ADD_SOURCES([tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKDF.c tlsRand.c tlsUtil.c tlsX509.c]) TEA_ADD_HEADERS([generic/tls.h]) TEA_ADD_INCLUDES([]) TEA_ADD_LIBS([]) TEA_ADD_CFLAGS([]) TEA_ADD_STUB_SOURCES([]) TEA_ADD_TCL_SOURCES([library/tls.tcl]) |
︙ | ︙ |
Added doc/cryptography.html version [c0f7bb9ac4].
Added doc/docs.css version [0ab4787813].
Modified generic/tclOpts.h
from [fee5089a30]
to [6a496a0d8f].
1 | /* | < < | < | | < < < < < | | | > > | | | > | < | | | | < > | < | | | | < < | | | | < | | < | < | < | | < < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | /* * Convenient option processing */ #ifndef _TCL_OPTS_H #define _TCL_OPTS_H #define GET_OPT_BOOL(objPtr, varPtr) \ if (Tcl_GetBooleanFromObj(interp, objPtr, varPtr) != TCL_OK) { \ return TCL_ERROR; \ } #define GET_OPT_INT(objPtr, varPtr) \ if (Tcl_GetIntFromObj(interp, objPtr, varPtr) != TCL_OK) { \ return TCL_ERROR; \ } #define GET_OPT_LONG(objPtr, varPtr) \ if (Tcl_GetLongFromObj(interp, objPtr, varPtr) != TCL_OK) { \ return TCL_ERROR; \ } #define GET_OPT_WIDE(objPtr, varPtr) \ if (Tcl_GetWideIntFromObj(interp, objPtr, varPtr) != TCL_OK) { \ return TCL_ERROR; \ } #define GET_OPT_BIGNUM(objPtr, varPtr) \ if (Tcl_GetBignumFromObj(interp, objPtr, varPtr) != TCL_OK) { \ return TCL_ERROR; \ } #define GET_OPT_STRING(objPtr, var, lenPtr) \ if ((var = Tcl_GetStringFromObj(objPtr, lenPtr)) == NULL) { \ return TCL_ERROR; \ } \ #define GET_OPT_BYTE_ARRAY(objPtr, var, lenPtr) \ if ((var = Tcl_GetByteArrayFromObj(objPtr, lenPtr)) == NULL) { \ return TCL_ERROR; \ } \ #endif /* _TCL_OPTS_H */ |
Modified generic/tls.c
from [489d26f33a]
to [e039ae1932].
︙ | ︙ | |||
22 23 24 25 26 27 28 29 30 31 32 33 34 35 | * */ #include "tlsInt.h" #include "tclOpts.h" #include <stdio.h> #include <stdlib.h> #include <openssl/rsa.h> #include <openssl/safestack.h> /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #error "Only OpenSSL v1.1.1 or later is supported" #endif | > > > > | 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | * */ #include "tlsInt.h" #include "tclOpts.h" #include <stdio.h> #include <stdlib.h> #include <openssl/crypto.h> #include <openssl/ssl.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/rsa.h> #include <openssl/safestack.h> /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #error "Only OpenSSL v1.1.1 or later is supported" #endif |
︙ | ︙ | |||
232 233 234 235 236 237 238 | static void MessageCallback(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; char *ver, *type; BIO *bio; | | | 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 | static void MessageCallback(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; char *ver, *type; BIO *bio; char buffer[30000]; buffer[0] = 0; dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) return; |
︙ | ︙ | |||
365 366 367 368 369 370 371 | * to a string describing the SSL negotiation failure reason * *------------------------------------------------------------------- */ static int VerifyCallback(int ok, X509_STORE_CTX *ctx) { Tcl_Obj *cmdPtr; | | | 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 | * to a string describing the SSL negotiation failure reason * *------------------------------------------------------------------- */ static int VerifyCallback(int ok, X509_STORE_CTX *ctx) { Tcl_Obj *cmdPtr; SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Interp *interp = statePtr->interp; int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); dprintf("Called"); |
︙ | ︙ | |||
928 929 930 931 932 933 934 | /********************/ /* Commands */ /********************/ /* *------------------------------------------------------------------- * | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 932 933 934 935 936 937 938 939 940 941 942 943 944 945 | /********************/ /* Commands */ /********************/ /* *------------------------------------------------------------------- * * HandshakeObjCmd -- * * This command is used to verify whether the handshake is complete * or not. * * Results: * A standard Tcl result. 1 means handshake complete, 0 means pending. |
︙ | ︙ | |||
1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 | } dprintf("Returning TCL_OK with data \"%i\"", ret); Tcl_SetObjResult(interp, Tcl_NewIntObj(ret)); return(TCL_OK); } /* *------------------------------------------------------------------- * * ImportObjCmd -- * * This procedure is invoked to process the "ssl" command * | > > > > > > > > > > > > > > | 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 | } dprintf("Returning TCL_OK with data \"%i\"", ret); Tcl_SetObjResult(interp, Tcl_NewIntObj(ret)); return(TCL_OK); } static const char *command_opts [] = { "-alpn", "-cadir", "-cafile", "-cert", "-certfile", "-cipher", "-ciphers", "-ciphersuites", "-command", "-dhparams", "-key", "-keyfile", "-model", "-password", "-post_handshake", "-request", "-require", "-security_level", "-server", "-servername", "-session_id", "-ssl2", "-ssl3", "-tls1", "-tls1.1", "-tls1.2", "-tls1.3", "-validatecommand", "-vcmd", NULL}; enum _command_opts { _opt_alpn, _opt_cadir, _opt_cafile, _opt_cert, _opt_certfile, _opt_cipher, _opt_ciphers, _opt_ciphersuite, _opt_cmd, _opt_dhparams, _opt_key, _opt_keyfile, _opt_model, _opt_password, _opt_handshake, _opt_request, _opt_require, _opt_security_level, _opt_server, _opt_servername, _opt_session_id, _opt_ssl2, _opt_ssl3, _opt_tls1, _opt_tls11, _opt_tls12, _opt_tls13, _opt_validate, _opt_vcmd }; /* *------------------------------------------------------------------- * * ImportObjCmd -- * * This procedure is invoked to process the "ssl" command * |
︙ | ︙ | |||
1247 1248 1249 1250 1251 1252 1253 | *------------------------------------------------------------------- */ static int ImportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Channel chan; /* The channel to set a mode on. */ State *statePtr; /* client state for ssl socket */ SSL_CTX *ctx = NULL; | | | | > | | 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 | *------------------------------------------------------------------- */ static int ImportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Channel chan; /* The channel to set a mode on. */ State *statePtr; /* client state for ssl socket */ SSL_CTX *ctx = NULL; Tcl_Obj *cmdObj = NULL; Tcl_Obj *passwdObj = NULL; Tcl_Obj *vcmd = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; int idx; Tcl_Size fn, len; int flags = TLS_TCL_INIT; int server = 0; /* is connection incoming or outgoing? */ char *keyfile = NULL; char *certfile = NULL; unsigned char *key = NULL; Tcl_Size key_len = 0; unsigned char *cert = NULL; Tcl_Size cert_len = 0; char *ciphers = NULL; char *ciphersuites = NULL; char *CAfile = NULL; char *CApath = NULL; char *DHparams = NULL; char *model = NULL; char *servername = NULL; /* hostname for Server Name Indication */ const unsigned char *session_id = NULL; Tcl_Size sess_len = 0; Tcl_Obj *alpnObj = NULL; int ssl2 = 0, ssl3 = 0; int tls1 = 1, tls1_1 = 1, tls1_2 = 1, tls1_3 = 1; int proto = 0, level = -1; int verify = 0, require = 0, request = 1, post_handshake = 0; (void) clientData; dprintf("Called"); |
︙ | ︙ | |||
1307 1308 1309 1310 1311 1312 1313 | return TCL_ERROR; } /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); for (idx = 2; idx < objc; idx++) { | > > > | > > > > | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < < < | 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 | return TCL_ERROR; } /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); for (idx = 2; idx < objc; idx++) { if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) { return TCL_ERROR; } /* Validate arg has value */ if (++idx >= objc) { Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL); return TCL_ERROR; } switch(fn) { case _opt_alpn: alpnObj = objv[idx]; break; case _opt_cadir: GET_OPT_STRING(objv[idx], CApath, NULL); break; case _opt_cafile: GET_OPT_STRING(objv[idx], CAfile, NULL); break; case _opt_cert: GET_OPT_BYTE_ARRAY(objv[idx], cert, &cert_len); break; case _opt_certfile: GET_OPT_STRING(objv[idx], certfile, NULL); break; case _opt_cipher: case _opt_ciphers: GET_OPT_STRING(objv[idx], ciphers, NULL); break; case _opt_ciphersuite: GET_OPT_STRING(objv[idx], ciphersuites, NULL); break; case _opt_cmd: cmdObj = objv[idx]; break; case _opt_dhparams: GET_OPT_STRING(objv[idx], DHparams, NULL); break; case _opt_key: GET_OPT_BYTE_ARRAY(objv[idx], key, &key_len); break; case _opt_keyfile: GET_OPT_STRING(objv[idx], keyfile, NULL); break; case _opt_model: GET_OPT_STRING(objv[idx], model, NULL); break; case _opt_password: passwdObj = objv[idx]; break; case _opt_handshake: GET_OPT_BOOL(objv[idx], &post_handshake); break; case _opt_request: GET_OPT_BOOL(objv[idx], &request); break; case _opt_require: GET_OPT_BOOL(objv[idx], &require); break; case _opt_security_level: GET_OPT_INT(objv[idx], &level); break; case _opt_server: GET_OPT_BOOL(objv[idx], &server); break; case _opt_servername: GET_OPT_STRING(objv[idx], servername, NULL); break; case _opt_session_id: GET_OPT_BYTE_ARRAY(objv[idx], session_id, &sess_len); break; case _opt_ssl2: GET_OPT_INT(objv[idx], &ssl2); break; case _opt_ssl3: GET_OPT_INT(objv[idx], &ssl3); break; case _opt_tls1: GET_OPT_INT(objv[idx], &tls1); break; case _opt_tls11: GET_OPT_INT(objv[idx], &tls1_1); break; case _opt_tls12: GET_OPT_INT(objv[idx], &tls1_2); break; case _opt_tls13: GET_OPT_INT(objv[idx], &tls1_3); break; case _opt_validate: case _opt_vcmd: vcmd = objv[idx]; break; } } if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER; if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; if (request && post_handshake) verify |= SSL_VERIFY_POST_HANDSHAKE; if (verify == 0) verify = SSL_VERIFY_NONE; proto |= (ssl2 ? TLS_PROTO_SSL2 : 0); proto |= (ssl3 ? TLS_PROTO_SSL3 : 0); |
︙ | ︙ | |||
1379 1380 1381 1382 1383 1384 1385 | statePtr->flags = flags; statePtr->interp = interp; statePtr->vflags = verify; statePtr->err = ""; /* allocate script */ | | | | | | | | 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 | statePtr->flags = flags; statePtr->interp = interp; statePtr->vflags = verify; statePtr->err = ""; /* allocate script */ if (cmdObj != NULL) { (void) Tcl_GetStringFromObj(cmdObj, &len); if (len) { statePtr->callback = cmdObj; Tcl_IncrRefCount(statePtr->callback); } } /* allocate password */ if (passwdObj != NULL) { (void) Tcl_GetStringFromObj(passwdObj, &len); if (len) { statePtr->password = passwdObj; Tcl_IncrRefCount(statePtr->password); } } /* allocate validate command */ if (vcmd) { (void) Tcl_GetStringFromObj(vcmd, &len); |
︙ | ︙ | |||
1507 1508 1509 1510 1511 1512 1513 | Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *) NULL); Tls_Free((char *) statePtr); return TCL_ERROR; } } /* Resume session id */ | | | | | | 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 | Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *) NULL); Tls_Free((char *) statePtr); return TCL_ERROR; } } /* Resume session id */ if (session_id && sess_len <= SSL_MAX_SID_CTX_LENGTH) { /* SSL_set_session() */ if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl), session_id, (unsigned int) sess_len)) { Tcl_AppendResult(interp, "Resume session failed: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *) NULL); Tls_Free((char *) statePtr); return TCL_ERROR; } } /* Enable Application-Layer Protocol Negotiation. Examples are: http/1.0, http/1.1, h2, h3, ftp, imap, pop3, xmpp-client, xmpp-server, mqtt, irc, etc. */ if (alpnObj != NULL) { /* Convert a TCL list into a protocol-list in wire-format */ unsigned char *protos, *p; unsigned int protos_len = 0; Tcl_Size cnt, i; int j; Tcl_Obj **list; if (Tcl_ListObjGetElements(interp, alpnObj, &cnt, &list) != TCL_OK) { Tls_Free((char *) statePtr); return TCL_ERROR; } /* Determine the memory required for the protocol-list */ for (i = 0; i < cnt; i++) { Tcl_GetStringFromObj(list[i], &len); |
︙ | ︙ | |||
1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 | statePtr->protos_len = 0; } /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); SSL_set_info_callback(statePtr->ssl, InfoCallback); /* Callback for observing protocol messages */ #ifndef OPENSSL_NO_SSL_TRACE /* void SSL_CTX_set_msg_callback_arg(statePtr->ctx, (void *)statePtr); void SSL_CTX_set_msg_callback(statePtr->ctx, MessageCallback); */ | > | 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 | statePtr->protos_len = 0; } /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); SSL_set_info_callback(statePtr->ssl, InfoCallback); /* Callback for observing protocol messages */ #ifndef OPENSSL_NO_SSL_TRACE /* void SSL_CTX_set_msg_callback_arg(statePtr->ctx, (void *)statePtr); void SSL_CTX_set_msg_callback(statePtr->ctx, MessageCallback); */ |
︙ | ︙ | |||
1719 1720 1721 1722 1723 1724 1725 | static SSL_CTX * CTX_Init(State *statePtr, int isServer, int proto, char *keyfile, char *certfile, unsigned char *key, unsigned char *cert, int key_len, int cert_len, char *CApath, char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams) { Tcl_Interp *interp = statePtr->interp; SSL_CTX *ctx = NULL; Tcl_DString ds; | < | 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 | static SSL_CTX * CTX_Init(State *statePtr, int isServer, int proto, char *keyfile, char *certfile, unsigned char *key, unsigned char *cert, int key_len, int cert_len, char *CApath, char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams) { Tcl_Interp *interp = statePtr->interp; SSL_CTX *ctx = NULL; Tcl_DString ds; int off = 0, abort = 0; int load_private_key; const SSL_METHOD *method; dprintf("Called"); if (!proto) { |
︙ | ︙ | |||
1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 | load_private_key = 1; if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) { Tcl_AppendResult(interp, "unable to set certificate: ", GET_ERR_REASON(), (char *) NULL); SSL_CTX_free(ctx); return NULL; } } else { certfile = (char*)X509_get_default_cert_file(); if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { #if 0 Tcl_AppendResult(interp, "unable to use default certificate file ", certfile, ": ", GET_ERR_REASON(), (char *) NULL); | > | 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 | load_private_key = 1; if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) { Tcl_AppendResult(interp, "unable to set certificate: ", GET_ERR_REASON(), (char *) NULL); SSL_CTX_free(ctx); return NULL; } } else { certfile = (char*)X509_get_default_cert_file(); if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { #if 0 Tcl_AppendResult(interp, "unable to use default certificate file ", certfile, ": ", GET_ERR_REASON(), (char *) NULL); |
︙ | ︙ | |||
2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 | /* Get certificate for peer or self */ if (objc == 2) { peer = SSL_get_peer_certificate(statePtr->ssl); } else { peer = SSL_get_certificate(statePtr->ssl); } /* Get X509 certificate info */ if (peer) { objPtr = Tls_NewX509Obj(interp, peer); if (objc == 2) { X509_free(peer); peer = NULL; } | > | 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 | /* Get certificate for peer or self */ if (objc == 2) { peer = SSL_get_peer_certificate(statePtr->ssl); } else { peer = SSL_get_certificate(statePtr->ssl); } /* Get X509 certificate info */ if (peer) { objPtr = Tls_NewX509Obj(interp, peer); if (objc == 2) { X509_free(peer); peer = NULL; } |
︙ | ︙ | |||
2215 2216 2217 2218 2219 2220 2221 | (void) clientData; if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel"); return(TCL_ERROR); } | | | 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 | (void) clientData; if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel"); return(TCL_ERROR); } chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *) NULL), NULL); if (chan == (Tcl_Channel) NULL) { return(TCL_ERROR); } /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { |
︙ | ︙ | |||
2285 2286 2287 2288 2289 2290 2291 | LAPPEND_INT(interp, objPtr, "algorithm_bits", alg_bits); /* alg_bits is actual key secret bits. If use bits and secret (algorithm) bits differ, the rest of the bits are fixed, i.e. for limited export ciphers (bits < 56) */ /* Indicates which SSL/TLS protocol version first defined the cipher */ LAPPEND_STR(interp, objPtr, "min_version", SSL_CIPHER_get_version(cipher), -1); | | < < < < | > > > > > | 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 | LAPPEND_INT(interp, objPtr, "algorithm_bits", alg_bits); /* alg_bits is actual key secret bits. If use bits and secret (algorithm) bits differ, the rest of the bits are fixed, i.e. for limited export ciphers (bits < 56) */ /* Indicates which SSL/TLS protocol version first defined the cipher */ LAPPEND_STR(interp, objPtr, "min_version", SSL_CIPHER_get_version(cipher), -1); /* Cipher NID, digest NID (none for AEAD cipher suites), Key Exchange NID, and authentication NID */ LAPPEND_STR(interp, objPtr, "cipherNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_cipher_nid(cipher)), -1); LAPPEND_STR(interp, objPtr, "digestNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_digest_nid(cipher)), -1); LAPPEND_STR(interp, objPtr, "keyExchangeNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_kx_nid(cipher)), -1); LAPPEND_STR(interp, objPtr, "authenticationNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_auth_nid(cipher)), -1); /* message authentication code - Cipher is AEAD (e.g. GCM or ChaCha20/Poly1305) or not */ /* Authenticated Encryption with associated data (AEAD) check */ LAPPEND_BOOL(interp, objPtr, "cipher_is_aead", SSL_CIPHER_is_aead(cipher)); /* Get OpenSSL-specific ID, not IANA ID */ LAPPEND_INT(interp, objPtr, "cipher_id", (int) SSL_CIPHER_get_id(cipher)); /* Two-byte ID used in the TLS protocol of the given cipher */ LAPPEND_INT(interp, objPtr, "protocol_id", (int) SSL_CIPHER_get_protocol_id(cipher)); /* Textual description of the cipher. Includes: cipher name, protocol version, key exchange, authentication, symmetric encryption method, message authentication code */ if (SSL_CIPHER_description(cipher, buf, sizeof(buf)) != NULL) { LAPPEND_STR(interp, objPtr, "description", buf, -1); } /* Digest used during the SSL/TLS handshake when using the cipher. */ md = SSL_CIPHER_get_handshake_digest(cipher); LAPPEND_STR(interp, objPtr, "handshake_digest", (char *)EVP_MD_name(md), -1); } /* Session info */ session = SSL_get_session(ssl); if (session != NULL) { const unsigned char *ticket; size_t len2; |
︙ | ︙ | |||
2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 | /* CA List */ /* IF not a server, same as SSL_get0_peer_CA_list. If server same as SSL_CTX_get_client_CA_list */ listPtr = Tcl_NewListObj(0, NULL); STACK_OF(X509_NAME) *ca_list; if ((ca_list = SSL_get_client_CA_list(ssl)) != NULL) { char buffer[BUFSIZ]; for (int i = 0; i < sk_X509_NAME_num(ca_list); i++) { X509_NAME *name = sk_X509_NAME_value(ca_list, i); if (name) { X509_NAME_oneline(name, buffer, BUFSIZ); Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buffer, -1)); } } } LAPPEND_OBJ(interp, objPtr, "caList", listPtr); LAPPEND_INT(interp, objPtr, "caListCount", sk_X509_NAME_num(ca_list)); | > < < | < < < < < < < < < < < < < < < < < < < < < < < < < | 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 | /* CA List */ /* IF not a server, same as SSL_get0_peer_CA_list. If server same as SSL_CTX_get_client_CA_list */ listPtr = Tcl_NewListObj(0, NULL); STACK_OF(X509_NAME) *ca_list; if ((ca_list = SSL_get_client_CA_list(ssl)) != NULL) { char buffer[BUFSIZ]; for (int i = 0; i < sk_X509_NAME_num(ca_list); i++) { X509_NAME *name = sk_X509_NAME_value(ca_list, i); if (name) { X509_NAME_oneline(name, buffer, BUFSIZ); Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buffer, -1)); } } } LAPPEND_OBJ(interp, objPtr, "caList", listPtr); LAPPEND_INT(interp, objPtr, "caListCount", sk_X509_NAME_num(ca_list)); Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- * * MiscObjCmd -- misc commands |
︙ | ︙ | |||
2804 2805 2806 2807 2808 2809 2810 | } if (TlsLibInit(0) != TCL_OK) { Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL); return TCL_ERROR; } | < > | | | > > > | 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 | } if (TlsLibInit(0) != TCL_OK) { Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL); return TCL_ERROR; } Tcl_CreateObjCommand(interp, "tls::connection", ConnectionInfoObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::unimport", UnimportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::status", StatusObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tls_DigestCommands(interp); Tls_EncryptCommands(interp); Tls_InfoCommands(interp); Tls_KDFCommands(interp); Tls_RandCommands(interp); if (interp) { Tcl_Eval(interp, tlsTclInitScript); } return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION); } |
︙ | ︙ | |||
2946 2947 2948 2949 2950 2951 2952 | rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); } while (RAND_status() != 1); #endif #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) | | | 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 | rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); } while (RAND_status() != 1); #endif #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) Tcl_MutexUnlock(&init_mx); #endif return(status); } |
Added generic/tlsDigest.c version [b9cf69269c].
Added generic/tlsEncrypt.c version [892582a1b8].
Modified generic/tlsIO.c
from [b25cda1582]
to [bf4be12b9f].
︙ | ︙ | |||
149 150 151 152 153 154 155 | } else { dprintf("Calling SSL_connect()"); err = SSL_connect(statePtr->ssl); } if (err > 0) { dprintf("Accept or connect was successful"); | < | 149 150 151 152 153 154 155 156 157 158 159 160 161 162 | } else { dprintf("Calling SSL_connect()"); err = SSL_connect(statePtr->ssl); } if (err > 0) { dprintf("Accept or connect was successful"); err = BIO_flush(statePtr->bio); if (err <= 0) { dprintf("Flushing the lower layers failed, this will probably terminate this session"); } } else { dprintf("Accept or connect failed"); } |
︙ | ︙ | |||
215 216 217 218 219 220 221 | *errorCodePtr = EINVAL; Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); return(-1); case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ dprintf("SSL_ERROR_SYSCALL"); | < | 214 215 216 217 218 219 220 221 222 223 224 225 226 227 | *errorCodePtr = EINVAL; Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); return(-1); case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ dprintf("SSL_ERROR_SYSCALL"); if (backingError == 0 && err == 0) { dprintf("EOF reached") *errorCodePtr = ECONNRESET; Tls_Error(statePtr, "(unexpected) EOF reached"); } else if (backingError == 0 && err == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); |
︙ | ︙ | |||
387 388 389 390 391 392 393 | Tls_Error(statePtr, "EOF reached"); } #endif break; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ | < | 385 386 387 388 389 390 391 392 393 394 395 396 397 398 | Tls_Error(statePtr, "EOF reached"); } #endif break; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ if (backingError == 0 && bytesRead == 0) { /* Unexpected EOF from the peer for OpenSSL 1.1 */ dprintf("(Unexpected) EOF reached") *errorCodePtr = 0; bytesRead = 0; Tls_Error(statePtr, "EOF reached"); |
︙ | ︙ | |||
555 556 557 558 559 560 561 | written = 0; *errorCodePtr = 0; Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); break; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ | < | 552 553 554 555 556 557 558 559 560 561 562 563 564 565 | written = 0; *errorCodePtr = 0; Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); break; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ if (backingError == 0 && written == 0) { dprintf("EOF reached") *errorCodePtr = 0; written = 0; Tls_Error(statePtr, "EOF reached"); } else if (backingError == 0 && written == -1) { |
︙ | ︙ |
Added generic/tlsInfo.c version [3aad12f06f].
Modified generic/tlsInt.h
from [0918403850]
to [d59da98e39].
︙ | ︙ | |||
33 34 35 36 37 38 39 | #ifndef CONST86 # if TCL_MAJOR_VERSION > 8 # define CONST86 const # else # define CONST86 # endif #endif | < > > > > > > | 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | #ifndef CONST86 # if TCL_MAJOR_VERSION > 8 # define CONST86 const # else # define CONST86 # endif #endif /* * Backwards compatibility for size type change */ #if TCL_MAJOR_VERSION < 9 && TCL_MINOR_VERSION < 7 #include <limits.h> #define TCL_SIZE_MAX INT_MAX #ifndef Tcl_Size typedef int Tcl_Size; #endif #define TCL_SIZE_MODIFIER "" #define Tcl_GetSizeIntFromObj Tcl_GetIntFromObj #define Tcl_NewSizeIntObj Tcl_NewIntObj #define Tcl_NewSizeIntFromObj Tcl_NewWideIntObj #endif #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/rand.h> #include <openssl/opensslv.h> |
︙ | ︙ | |||
194 195 196 197 198 199 200 201 202 203 204 205 206 | Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); void Tls_Error(State *statePtr, char *msg); void Tls_Free(char *blockPtr); void Tls_Clean(State *statePtr); int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent); BIO *BIO_new_tcl(State* statePtr, int flags); #define PTR2INT(x) ((int) ((intptr_t) (x))) #endif /* _TLSINT_H */ | > > > > > > > > > > > > > > > | 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 | Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); void Tls_Error(State *statePtr, char *msg); void Tls_Free(char *blockPtr); void Tls_Clean(State *statePtr); int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent); int Tls_DigestCommands(Tcl_Interp *interp); int Tls_EncryptCommands(Tcl_Interp *interp); int Tls_InfoCommands(Tcl_Interp *interp); int Tls_KDFCommands(Tcl_Interp *interp); int Tls_RandCommands(Tcl_Interp *interp); BIO *BIO_new_tcl(State* statePtr, int flags); EVP_CIPHER *Util_GetCipher(Tcl_Interp *interp, Tcl_Obj *cipherObj, int no_null); EVP_MD *Util_GetDigest(Tcl_Interp *interp, Tcl_Obj *digestObj, int no_null); unsigned char *Util_GetIV(Tcl_Interp *interp, Tcl_Obj *ivObj, Tcl_Size *len, int max, int no_null); unsigned char *Util_GetKey(Tcl_Interp *interp, Tcl_Obj *keyObj, Tcl_Size *len, char *name, int max, int no_null); unsigned char *Util_GetSalt(Tcl_Interp *interp, Tcl_Obj *saltObj, Tcl_Size *len, int max, int no_null); int Util_GetInt(Tcl_Interp *interp, Tcl_Obj *dataObj, int *value, char *name, int min, int max); #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_MAC *Util_GetMAC(Tcl_Interp *interp, Tcl_Obj *MacObj, int no_null); #endif #define PTR2INT(x) ((int) ((intptr_t) (x))) #endif /* _TLSINT_H */ |
Added generic/tlsKDF.c version [a4bcf33c6e].
Added generic/tlsRand.c version [4b096f23cb].
Added generic/tlsUtil.c version [b1b9224457].
Modified generic/tlsX509.c
from [ea8ff7e7c8]
to [051a5b0d6c].
︙ | ︙ | |||
79 80 81 82 83 84 85 | */ Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) { Tcl_Obj *resultPtr = NULL; int len = 0; unsigned char buffer[1024]; if (astring != NULL) { | | | 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | */ Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) { Tcl_Obj *resultPtr = NULL; int len = 0; unsigned char buffer[1024]; if (astring != NULL) { len = String_to_Hex((unsigned char *) ASN1_STRING_get0_data(astring), ASN1_STRING_length(astring), buffer, 1024); } resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len); return resultPtr; } /* |
︙ | ︙ | |||
431 432 433 434 435 436 437 | /* Subject identifies the entity associated with the public key stored in the subject public key field. RFC 5280 section 4.1.2.6 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len); /* SHA1 Digest (Fingerprint) of cert - DER representation */ if (X509_digest(cert, EVP_sha1(), md, &ulen)) { | | | | 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 | /* Subject identifies the entity associated with the public key stored in the subject public key field. RFC 5280 section 4.1.2.6 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len); /* SHA1 Digest (Fingerprint) of cert - DER representation */ if (X509_digest(cert, EVP_sha1(), md, &ulen)) { len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen); } /* SHA256 Digest (Fingerprint) of cert - DER representation */ if (X509_digest(cert, EVP_sha256(), md, &ulen)) { len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen); } /* Subject Public Key Info specifies the public key and identifies the algorithm with which the key is used. RFC 5280 section 4.1.2.7 */ if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) { ASN1_BIT_STRING *key; |
︙ | ︙ | |||
477 478 479 480 481 482 483 | LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1); LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert)); /* Get extensions flags */ xflags = X509_get_extension_flags(cert); LAPPEND_INT(interp, certPtr, "extFlags", xflags); | | | | 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 | LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1); LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert)); /* Get extensions flags */ xflags = X509_get_extension_flags(cert); LAPPEND_INT(interp, certPtr, "extFlags", xflags); /* Check if cert was issued by CA cert issuer or self signed */ LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI); LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS); LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY); LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID); LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert)); /* The Unique Ids are used to handle the possibility of reuse of subject and/or issuer names over time. RFC 5280 section 4.1.2.8 */ { const ASN1_BIT_STRING *iuid, *suid; X509_get0_uids(cert, &iuid, &suid); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1)); if (iuid != NULL) { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } |
︙ | ︙ | |||
513 514 515 516 517 518 519 | LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert)); LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert)); /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */ LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier", Tls_x509Identifier(X509_get0_authority_key_id(cert))); | | | 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 | LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert)); LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert)); /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */ LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier", Tls_x509Identifier(X509_get0_authority_key_id(cert))); /* Subject Key Identifier (SKI) is used to identify certificates that contain a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */ LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier", Tls_x509Identifier(X509_get0_subject_key_id(cert))); /* Key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */ |
︙ | ︙ | |||
587 588 589 590 591 592 593 | /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ { len = 0; unsigned char *string = X509_alias_get0(cert, &len); LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len); | | | 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 | /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ { len = 0; unsigned char *string = X509_alias_get0(cert, &len); LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len); string = X509_keyid_get0 (cert, &len); LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len); } /* Certificate and dump all data */ { char certStr[CERT_STR_SIZE]; |
︙ | ︙ |
Modified tests/all.tcl
from [b91d386182]
to [7643c0fdf5].
︙ | ︙ | |||
16 17 18 19 20 21 22 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } # Get common functions if {[file exists [file join $path common.tcl]]} { | | | | | | | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } # Get common functions if {[file exists [file join $path common.tcl]]} { source -encoding utf-8 [file join $path common.tcl] } set ::tcltest::testSingleFile false set ::tcltest::testsDirectory [file dir [info script]] # We should ensure that the testsDirectory is absolute. # This was introduced in Tcl 8.3+'s tcltest, so we need a catch. catch {::tcltest::normalizePath ::tcltest::testsDirectory} # # Run all tests in current and any sub directories with an all.tcl file. # set ::exitCode 0 if {[package vsatisfies [package require tcltest] 2.5-]} { if {[::tcltest::runAllTests] == 1} { set ::exitCode 1 } } else { # Hook to determine if any of the tests failed. Then we can exit with the # proper exit code: 0=all passed, 1=one or more failed proc tcltest::cleanupTestsHook {} { variable numTests set ::exitCode [expr {$numTests(Total) == 0 || $numTests(Failed) > 0}] } ::tcltest::runAllTests } # Exit code: 0=all passed, 1=one or more failed exit $::exitCode |
Deleted tests/ciphers.csv version [f4aff3652a].
Deleted tests/ciphers.test version [212c1bf055].
Added tests/digest.csv version [3371cf815e].
Added tests/digest.test version [cdebbb86d7].
Added tests/encrypt.csv version [a8fd540f67].
Added tests/encrypt.test version [30ef9b5ec2].
Added tests/info.csv version [d54aea3b10].
Added tests/info.test version [7b7740348c].
Added tests/kdf.csv version [ecd5209032].
Added tests/kdf.test version [e9cb54f939].
Modified tests/make_test_files.tcl
from [c31b96320d]
to [e265399d3c].
︙ | ︙ | |||
70 71 72 73 74 75 76 | if {$group ne $prev} { incr test set prev $group puts $out "" } # Test case | > | > > > | > | 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 | if {$group ne $prev} { incr test set prev $group puts $out "" } # Test case if {[string index $name 0] ne {$}} { set buffer [format "\ntest %s-%d.%d {%s}" $group $test [incr cases($group)] $name] } else { set buffer [format "\ntest %s-%d.%d %s" $group $test [incr cases($group)] $name] } foreach opt [list -constraints -setup -body -cleanup -match -result -output -errorOutput -returnCodes] { set cmd [string trim [set [string trimleft $opt "-"]]] if {$cmd ne ""} { if {$opt in [list -setup -body -cleanup]} { append buffer " " $opt " \{\n" foreach line [split $cmd ";"] { append buffer \t [string trim $line] \n } append buffer " \}" } elseif {$opt in [list -output -errorOutput]} { append buffer " " $opt " {" $cmd \n "}" } elseif {$opt in [list -result]} { if {[string index $cmd 0] in [list \[ \" \{ \$]} { append buffer " " $opt " " $cmd } elseif {[string match {*[\\$]*} $cmd]} { append buffer " " $opt " \"" [string map [list \\\\\" \\\"] [string map [list \" \\\" ] $cmd]] "\"" } else { append buffer " " $opt " {" $cmd "}" } } else { append buffer " " $opt " {" $cmd "}" } } } puts $out $buffer } else { # Empty line puts $out "" } break } } # Output clean-up commands puts $out "\n# Cleanup\n::tcltest::cleanupTests\nreturn" |
︙ | ︙ |
Added tests/random.csv version [354daf498a].
Added tests/random.test version [13cb064c8c].
Added tests/test_vectors/Hash/BLAKE2b512.test version [878053b68e].
Added tests/test_vectors/Hash/BLAKE2b512.txt version [d3c92f5aad].
Added tests/test_vectors/Hash/BLAKE2s256.test version [4b48cf365e].
Added tests/test_vectors/Hash/BLAKE2s256.txt version [e3f8f87e87].
Added tests/test_vectors/Hash/MD2.test version [7aa85ed2f2].
Added tests/test_vectors/Hash/MD2.txt version [72dbd4087b].
Added tests/test_vectors/Hash/MD4.test version [de02bac398].
Added tests/test_vectors/Hash/MD4.txt version [e0a9e8ce64].
Added tests/test_vectors/Hash/MD5.test version [02d5c9878c].
Added tests/test_vectors/Hash/MD5.txt version [1f89db3968].
Added tests/test_vectors/Hash/MDC2.test version [a104d54869].
Added tests/test_vectors/Hash/MDC2.txt version [c90b9728d3].
Added tests/test_vectors/Hash/RIPEMD128.test version [537f06a40f].
Added tests/test_vectors/Hash/RIPEMD128.txt version [8200be1de0].
Added tests/test_vectors/Hash/RIPEMD160.test version [270ed19e2a].
Added tests/test_vectors/Hash/RIPEMD160.txt version [822adc817c].
Added tests/test_vectors/Hash/RIPEMD256.test version [5c641c09c2].
Added tests/test_vectors/Hash/RIPEMD256.txt version [df8dae9590].
Added tests/test_vectors/Hash/RIPEMD320.test version [317a9f765a].
Added tests/test_vectors/Hash/RIPEMD320.txt version [c4941d7c67].
Added tests/test_vectors/Hash/Readme.txt version [6c4218a069].
Added tests/test_vectors/Hash/SHA1.test version [b788694073].
Added tests/test_vectors/Hash/SHA1.txt version [5945652b07].
Added tests/test_vectors/Hash/SHA1LongMsg.rsp version [dbdb8addfb].
Added tests/test_vectors/Hash/SHA1LongMsg.test version [aa0f0dbbbe].
Added tests/test_vectors/Hash/SHA1Monte.rsp version [4d2e851fac].
Added tests/test_vectors/Hash/SHA1Monte.txt version [b358759788].
Added tests/test_vectors/Hash/SHA1ShortMsg.rsp version [ed95dce9c8].
Added tests/test_vectors/Hash/SHA1ShortMsg.test version [c53c8d2ca7].
Added tests/test_vectors/Hash/SHA224.test version [fe91ce1b6d].
Added tests/test_vectors/Hash/SHA224.txt version [8994f85662].
Added tests/test_vectors/Hash/SHA224LongMsg.rsp version [7da7ea8843].
Added tests/test_vectors/Hash/SHA224LongMsg.test version [6716118175].
Added tests/test_vectors/Hash/SHA224Monte.rsp version [5c52dbe5fd].
Added tests/test_vectors/Hash/SHA224Monte.txt version [e24a7320cb].
Added tests/test_vectors/Hash/SHA224ShortMsg.rsp version [81d8b1b6a9].
Added tests/test_vectors/Hash/SHA224ShortMsg.test version [75e4fa0158].
Added tests/test_vectors/Hash/SHA256.test version [ebd0ad0c96].
Added tests/test_vectors/Hash/SHA256.txt version [848f077d7a].
Added tests/test_vectors/Hash/SHA256LongMsg.rsp version [9a9ff814db].
Added tests/test_vectors/Hash/SHA256LongMsg.test version [760719818f].
Added tests/test_vectors/Hash/SHA256Monte.rsp version [e791ad56c6].
Added tests/test_vectors/Hash/SHA256Monte.txt version [5cbfa7eac0].
Added tests/test_vectors/Hash/SHA256ShortMsg.rsp version [cc5e6df184].
Added tests/test_vectors/Hash/SHA256ShortMsg.test version [c21ec20562].
Added tests/test_vectors/Hash/SHA3-224.test version [9fc3e3754f].
Added tests/test_vectors/Hash/SHA3-224.txt version [0a9192723b].
Added tests/test_vectors/Hash/SHA3-256.test version [f3a4dd335c].
Added tests/test_vectors/Hash/SHA3-256.txt version [48114e564c].
Added tests/test_vectors/Hash/SHA3-384.test version [6b46875f9b].
Added tests/test_vectors/Hash/SHA3-384.txt version [37fb9bedac].
Added tests/test_vectors/Hash/SHA3-512.test version [6da8f64028].
Added tests/test_vectors/Hash/SHA3-512.txt version [abf73210ae].
Added tests/test_vectors/Hash/SHA384.test version [e30ff48b23].
Added tests/test_vectors/Hash/SHA384.txt version [a59fdbd28c].
Added tests/test_vectors/Hash/SHA384LongMsg.rsp version [68bddc79c6].
Added tests/test_vectors/Hash/SHA384LongMsg.test version [d649a9d8c0].
Added tests/test_vectors/Hash/SHA384Monte.rsp version [81ad726d0a].
Added tests/test_vectors/Hash/SHA384Monte.txt version [eb4d039dbb].
Added tests/test_vectors/Hash/SHA384ShortMsg.rsp version [20b46919ed].
Added tests/test_vectors/Hash/SHA384ShortMsg.test version [af2f570629].
Added tests/test_vectors/Hash/SHA3_224LongMsg.rsp version [168d15a8b0].
Added tests/test_vectors/Hash/SHA3_224LongMsg.test version [9b8c6ad752].
Added tests/test_vectors/Hash/SHA3_224Monte.rsp version [423c5d169a].
Added tests/test_vectors/Hash/SHA3_224ShortMsg.rsp version [953ebf8b62].
Added tests/test_vectors/Hash/SHA3_224ShortMsg.test version [3a294388e3].
Added tests/test_vectors/Hash/SHA3_256LongMsg.rsp version [e4cdbd523e].
Added tests/test_vectors/Hash/SHA3_256LongMsg.test version [a51e956734].
Added tests/test_vectors/Hash/SHA3_256Monte.rsp version [8f24bb96f6].
Added tests/test_vectors/Hash/SHA3_256ShortMsg.rsp version [c3416d5f3b].
Added tests/test_vectors/Hash/SHA3_256ShortMsg.test version [f903bbd26a].
Added tests/test_vectors/Hash/SHA3_384LongMsg.rsp version [f10abc91a6].
Added tests/test_vectors/Hash/SHA3_384LongMsg.test version [770b8b5386].
Added tests/test_vectors/Hash/SHA3_384Monte.rsp version [76ef953968].
Added tests/test_vectors/Hash/SHA3_384ShortMsg.rsp version [a36843bb9b].
Added tests/test_vectors/Hash/SHA3_384ShortMsg.test version [5c1fe28c3a].
Added tests/test_vectors/Hash/SHA3_512LongMsg.rsp version [0bbf186754].
Added tests/test_vectors/Hash/SHA3_512LongMsg.test version [9df6f986a6].
Added tests/test_vectors/Hash/SHA3_512Monte.rsp version [7d4535045e].
Added tests/test_vectors/Hash/SHA3_512ShortMsg.rsp version [704cd930ab].
Added tests/test_vectors/Hash/SHA3_512ShortMsg.test version [73cf5b5e94].
Added tests/test_vectors/Hash/SHA512-224.test version [8ff47a0a0e].
Added tests/test_vectors/Hash/SHA512-224.txt version [2c6688a4b5].
Added tests/test_vectors/Hash/SHA512-256.test version [87ec5e51fc].
Added tests/test_vectors/Hash/SHA512-256.txt version [8c9d8ea3f3].
Added tests/test_vectors/Hash/SHA512.test version [26e7224bc7].
Added tests/test_vectors/Hash/SHA512.txt version [6130019457].
Added tests/test_vectors/Hash/SHA512LongMsg.rsp version [7b0b7120f4].
Added tests/test_vectors/Hash/SHA512LongMsg.test version [cbaa50c9b9].
Added tests/test_vectors/Hash/SHA512Monte.rsp version [b59d6599c8].
Added tests/test_vectors/Hash/SHA512Monte.txt version [8b33951465].
Added tests/test_vectors/Hash/SHA512ShortMsg.rsp version [9ea217fd07].
Added tests/test_vectors/Hash/SHA512ShortMsg.test version [3059eaebf0].
Added tests/test_vectors/Hash/SHA512_224LongMsg.rsp version [e09f1924d5].
Added tests/test_vectors/Hash/SHA512_224LongMsg.test version [604ca506ef].
Added tests/test_vectors/Hash/SHA512_224Monte.rsp version [35cbf23f88].
Added tests/test_vectors/Hash/SHA512_224Monte.txt version [ac358a4d14].
Added tests/test_vectors/Hash/SHA512_224ShortMsg.rsp version [bfcfe7aae4].
Added tests/test_vectors/Hash/SHA512_224ShortMsg.test version [e55e8f47d1].
Added tests/test_vectors/Hash/SHA512_256LongMsg.rsp version [0c7527584a].
Added tests/test_vectors/Hash/SHA512_256LongMsg.test version [c707997f0b].
Added tests/test_vectors/Hash/SHA512_256Monte.rsp version [a9f88d891a].
Added tests/test_vectors/Hash/SHA512_256Monte.txt version [a96020f051].
Added tests/test_vectors/Hash/SHA512_256ShortMsg.rsp version [99d45606e7].
Added tests/test_vectors/Hash/SHA512_256ShortMsg.test version [415d0b45a5].
Added tests/test_vectors/Hash/SHAKE128.test version [4b0878e01e].
Added tests/test_vectors/Hash/SHAKE128.txt version [0a5deb8560].
Added tests/test_vectors/Hash/SHAKE128LongMsg.rsp version [3e240fc1bf].
Added tests/test_vectors/Hash/SHAKE128LongMsg.test version [44fabe5596].
Added tests/test_vectors/Hash/SHAKE128Monte.rsp version [578e911e6e].
Added tests/test_vectors/Hash/SHAKE128ShortMsg.rsp version [353efe20e1].
Added tests/test_vectors/Hash/SHAKE128ShortMsg.test version [226145f845].
Added tests/test_vectors/Hash/SHAKE128VariableOut.rsp version [daf50013d2].
Added tests/test_vectors/Hash/SHAKE256.test version [2e2114455d].
Added tests/test_vectors/Hash/SHAKE256.txt version [4480b876cb].
Added tests/test_vectors/Hash/SHAKE256LongMsg.rsp version [8cca1f96ad].
Added tests/test_vectors/Hash/SHAKE256LongMsg.test version [2df811874e].
Added tests/test_vectors/Hash/SHAKE256Monte.rsp version [cbb56034d0].
Added tests/test_vectors/Hash/SHAKE256ShortMsg.rsp version [72834c5f7f].
Added tests/test_vectors/Hash/SHAKE256ShortMsg.test version [2229c179b0].
Added tests/test_vectors/Hash/SHAKE256VariableOut.rsp version [8811fe0aa0].
Added tests/test_vectors/Hash/SM3.test version [c919bfff86].
Added tests/test_vectors/Hash/SM3.txt version [79643d2e88].
Added tests/test_vectors/Hash/WHIRLPOOL.test version [085626bf56].
Added tests/test_vectors/Hash/WHIRLPOOL.txt version [11ce31a497].
Added tests/test_vectors/Hash/all.tcl version [4b0e755a54].
Added tests/test_vectors/Hash/make_test.tcl version [e263a6e534].
Added tests/test_vectors/KDF/HKDF-SHA1.test version [0f24bd78b2].
Added tests/test_vectors/KDF/HKDF-SHA1.txt version [091164e5bd].
Added tests/test_vectors/KDF/HKDF-SHA224.test version [dab2af44bf].
Added tests/test_vectors/KDF/HKDF-SHA224.txt version [e1709aae8b].
Added tests/test_vectors/KDF/HKDF-SHA256.test version [252b5b0c05].
Added tests/test_vectors/KDF/HKDF-SHA256.txt version [df67ce3539].
Added tests/test_vectors/KDF/HKDF-SHA384.test version [49565c7872].
Added tests/test_vectors/KDF/HKDF-SHA384.txt version [cb2eac62b3].
Added tests/test_vectors/KDF/HKDF-SHA512.test version [5ccc31e9c4].
Added tests/test_vectors/KDF/HKDF-SHA512.txt version [3b3b416e62].
Added tests/test_vectors/KDF/PBKDF2-SHA1.test version [b929ed5d95].
Added tests/test_vectors/KDF/PBKDF2-SHA1.txt version [732437c2e8].
Added tests/test_vectors/KDF/PBKDF2-SHA224.test version [d25ac1a05b].
Added tests/test_vectors/KDF/PBKDF2-SHA224.txt version [f5f610fe64].
Added tests/test_vectors/KDF/PBKDF2-SHA256.test version [34e71146bc].
Added tests/test_vectors/KDF/PBKDF2-SHA256.txt version [ecc15b287a].
Added tests/test_vectors/KDF/PBKDF2-SHA384.test version [4b8ba99f25].
Added tests/test_vectors/KDF/PBKDF2-SHA384.txt version [57fec8e1a5].
Added tests/test_vectors/KDF/PBKDF2-SHA512.test version [f8af04f1ce].
Added tests/test_vectors/KDF/PBKDF2-SHA512.txt version [35b0e900f6].
Added tests/test_vectors/KDF/Scrypt.test version [d620205d39].
Added tests/test_vectors/KDF/Scrypt.txt version [fcdaf5e551].
Added tests/test_vectors/KDF/all.tcl version [4b0e755a54].
Added tests/test_vectors/KDF/make_test.tcl version [81cc8928e5].
Added tests/test_vectors/MAC/CMAC-AES-128-CBC.test version [d14d6c41f8].
Added tests/test_vectors/MAC/CMAC-AES-128-CBC.txt version [e79fc9b070].
Added tests/test_vectors/MAC/CMAC-AES-192-CBC.test version [c76103756c].
Added tests/test_vectors/MAC/CMAC-AES-192-CBC.txt version [1327ebd19f].
Added tests/test_vectors/MAC/CMAC-AES-256-CBC.test version [6e63940e52].
Added tests/test_vectors/MAC/CMAC-AES-256-CBC.txt version [37559b28d2].
Added tests/test_vectors/MAC/CMAC-DES3.test version [b9e7e07b9a].
Added tests/test_vectors/MAC/CMAC-DES3.txt version [7b40c26c2f].
Added tests/test_vectors/MAC/HMAC.rsp version [23d90fe189].
Added tests/test_vectors/MAC/HMAC.test version [c9b77bcdaf].
Added tests/test_vectors/MAC/HMAC_MD5.test version [fc01310160].
Added tests/test_vectors/MAC/HMAC_MD5.txt version [28320e2e15].
Added tests/test_vectors/MAC/HMAC_RIPEMD128.test version [9121025e8e].
Added tests/test_vectors/MAC/HMAC_RIPEMD128.txt version [3e487cc771].
Added tests/test_vectors/MAC/HMAC_RIPEMD160.test version [35aae3b57b].
Added tests/test_vectors/MAC/HMAC_RIPEMD160.txt version [bb21e99891].
Added tests/test_vectors/MAC/HMAC_SHA1.test version [48dc8e00f7].
Added tests/test_vectors/MAC/HMAC_SHA1.txt version [bbeb4deaa9].
Added tests/test_vectors/MAC/HMAC_SHA224.test version [b00e1522a7].
Added tests/test_vectors/MAC/HMAC_SHA224.txt version [55c849f12e].
Added tests/test_vectors/MAC/HMAC_SHA256.test version [cb978a5d93].
Added tests/test_vectors/MAC/HMAC_SHA256.txt version [32c296d1a9].
Added tests/test_vectors/MAC/HMAC_SHA3-224.test version [a320826719].
Added tests/test_vectors/MAC/HMAC_SHA3-224.txt version [7733ead9c2].
Added tests/test_vectors/MAC/HMAC_SHA3-256.test version [93592f1dcc].
Added tests/test_vectors/MAC/HMAC_SHA3-256.txt version [c17f79ca22].
Added tests/test_vectors/MAC/HMAC_SHA3-384.test version [3b78c7f734].
Added tests/test_vectors/MAC/HMAC_SHA3-384.txt version [8df953a228].
Added tests/test_vectors/MAC/HMAC_SHA3-512.test version [9537fd8299].
Added tests/test_vectors/MAC/HMAC_SHA3-512.txt version [a1ac4ceeaf].
Added tests/test_vectors/MAC/HMAC_SHA384.test version [97f8b6bb77].
Added tests/test_vectors/MAC/HMAC_SHA384.txt version [28134b68af].
Added tests/test_vectors/MAC/HMAC_SHA512.test version [c035b2c1e6].
Added tests/test_vectors/MAC/HMAC_SHA512.txt version [ffd58ca5b8].
Added tests/test_vectors/MAC/all.tcl version [4b0e755a54].
Added tests/test_vectors/MAC/make_test.tcl version [37d1b71b39].
Added tests/test_vectors/all.tcl version [4b0e755a54].
Modified win/makefile.vc
from [11d5b7bf2c]
to [75e334f091].
︙ | ︙ | |||
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | # Define the object files and resource file that make up the extension. # Note the resource file does not makes sense if doing a static library build # hence it is under that condition. TMP_DIR is the output directory # defined by rules for object files. PRJ_OBJS = $(TMP_DIR)\tls.obj \ $(TMP_DIR)\tlsBIO.obj \ $(TMP_DIR)\tlsIO.obj \ $(TMP_DIR)\tlsX509.obj # Define any additional project include flags # SSL_INSTALL_FOLDER = with the OpenSSL installation folder following. PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" # Define any additional compiler flags that might be required for the project PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS | > > > > > > | > > > > > | 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | # Define the object files and resource file that make up the extension. # Note the resource file does not makes sense if doing a static library build # hence it is under that condition. TMP_DIR is the output directory # defined by rules for object files. PRJ_OBJS = $(TMP_DIR)\tls.obj \ $(TMP_DIR)\tlsBIO.obj \ $(TMP_DIR)\tlsDigest.obj \ $(TMP_DIR)\tlsEncrypt.obj \ $(TMP_DIR)\tlsInfo.obj \ $(TMP_DIR)\tlsIO.obj \ $(TMP_DIR)\tlsKDF.obj \ $(TMP_DIR)\tlsRand.obj \ $(TMP_DIR)\tlsUtil.obj \ $(TMP_DIR)\tlsX509.obj # Define any additional project include flags # SSL_INSTALL_FOLDER = with the OpenSSL installation folder following. PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" # Define any additional compiler flags that might be required for the project PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS # # SSL Libs: # 1. ${LIBCRYPTO}.dll # 2. ${LIBSSL}.dll # Where LIBCRYPTO (#1.) and LIBSSL (#2.) are defined as follows: # v1.1: libcrypto-1.1-x64.dll and libssl-1.1-x64.dll # v3: libcrypto-3-x64.dll and libssl-3-x64.dll # On *nix libcrypto.so.* and libssl.so.* (where suffix is a version indicator). # PRJ_LIBS = \ "$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \ "$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \ WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB # Define the standard targets !include "targets.vc" # Project specific targets all: clean: default-clean # We must define a pkgindex target that will create a pkgIndex.tcl # file in the $(OUT_DIR) directory. We can just redirect to the # default-pkgindex target for our sample extension. pkgindex: default-pkgindex # The default install target only installs binaries and scripts so add # an additional target for our documentation. Note this *adds* a target # since no commands are listed after it. The original targets for # install (from targets.vc) will remain. install: default-pkgindex-tea default-install default-install-docs-html # Test package test: default-test |