Check-in [a652b4f6a7]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment: * tls.c: Applied Jeff's patch from http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:a652b4f6a7af54b5aea8a98918228929eaec568c
User & Date: andreas_kupries 2012-06-01 22:59:03
Context
2012-06-01
23:03
* configure.in: Bump to version 1.6.2. * win/makefile.vc: * configure: regen with ac-2.59 check-in: e8bcabbd0a user: andreas_kupries tags: trunk
22:59
* tls.c: Applied Jeff's patch from http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html check-in: a652b4f6a7 user: andreas_kupries tags: trunk
2010-08-12
01:31
note tls-1-6-1 tag date check-in: 4cb2697d98 user: hobbs2 tags: trunk, tls-1-6-1
Changes

Changes to ChangeLog.






1
2
3
4
5
6
7





2010-08-11  Jeff Hobbs  <jeffh@ActiveState.com>

	*** TLS 1.6.1 TAGGED ***

	* configure: regen with ac-2.59
	* win/makefile.vc, configure.in: bump version to 1.6.1
	* tclconfig/tcl.m4: updated to TEA 3.8
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
2012-06-01  Andreas Kupries  <andreask@activestate.com>

	* tls.c: Applied Jeff's patch from
	  http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html
	
2010-08-11  Jeff Hobbs  <jeffh@ActiveState.com>

	*** TLS 1.6.1 TAGGED ***

	* configure: regen with ac-2.59
	* win/makefile.vc, configure.in: bump version to 1.6.1
	* tclconfig/tcl.m4: updated to TEA 3.8

Changes to tls.c.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
...
126
127
128
129
130
131
132







































133
134
135
136
137
138
139
....
1466
1467
1468
1469
1470
1471
1472



1473
1474
1475
1476
1477
1478
1479
....
1497
1498
1499
1500
1501
1502
1503


















1504
1505
1506
1507
1508
1509
1510
/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * some modifications:
 *	Copyright (C) 2000 Ajuba Solutions
 *	Copyright (C) 2002 ActiveState Corporation
 *	Copyright (C) 2004 Starfish Systems 
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.31 2010/08/11 19:50:50 hobbs2 Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................

#ifndef STACK_OF
#define STACK_OF(x)			STACK
#define sk_SSL_CIPHER_num(sk)		sk_num((sk))
#define sk_SSL_CIPHER_value( sk, index)	(SSL_CIPHER*)sk_value((sk), (index))
#endif








































 
/*
 *-------------------------------------------------------------------
 *
 * InfoCallback --
 *
 *	monitors SSL connection process
................................................................................

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
					 * to be made available. */
{
    int major, minor, patchlevel, release, i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */




    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
................................................................................
	    (release == TCL_FINAL_RELEASE) && (patchlevel >= 2))))) {
	/* 8.3.2+ */
	channelTypeVersion = TLS_CHANNEL_VERSION_2;
    } else {
	/* 8.2.0 - 8.3.1 */
	channelTypeVersion = TLS_CHANNEL_VERSION_1;
    }



















    if (SSL_library_init() != 1) {
	Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();







|







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







 







>
>
>







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
...
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
....
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
....
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * some modifications:
 *	Copyright (C) 2000 Ajuba Solutions
 *	Copyright (C) 2002 ActiveState Corporation
 *	Copyright (C) 2004 Starfish Systems 
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.32 2012/06/01 22:59:03 andreas_kupries Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................

#ifndef STACK_OF
#define STACK_OF(x)			STACK
#define sk_SSL_CIPHER_num(sk)		sk_num((sk))
#define sk_SSL_CIPHER_value( sk, index)	(SSL_CIPHER*)sk_value((sk), (index))
#endif

/*
 * Thread-Safe TLS Code
 */

#ifdef TCL_THREADS
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>

#ifdef OPENSSL_THREADS
#include <openssl/crypto.h>

/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */

static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];

static void          CryptoThreadLockCallback (int mode, int n, const char *file, int line);
static unsigned long CryptoThreadIdCallback   (void);

static void
CryptoThreadLockCallback(int mode, int n, const char *file, int line)
{
    if (mode & CRYPTO_LOCK) {
       Tcl_MutexLock(&locks[n]);
    } else {
       Tcl_MutexUnlock(&locks[n]);
    }
}

static unsigned long
CryptoThreadIdCallback(void)
{
    return (unsigned long) Tcl_GetCurrentThread();
}
#endif /* OPENSSL_THREADS */
#endif /* TCL_THREADS */

 
/*
 *-------------------------------------------------------------------
 *
 * InfoCallback --
 *
 *	monitors SSL connection process
................................................................................

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
					 * to be made available. */
{
    int major, minor, patchlevel, release, i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;
#endif

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
................................................................................
	    (release == TCL_FINAL_RELEASE) && (patchlevel >= 2))))) {
	/* 8.3.2+ */
	channelTypeVersion = TLS_CHANNEL_VERSION_2;
    } else {
	/* 8.2.0 - 8.3.1 */
	channelTypeVersion = TLS_CHANNEL_VERSION_1;
    }

    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
				 (void *(*)(void *, size_t))Tcl_Realloc,
				 (void(*)(void *))Tcl_Free) == 0) {
       /* Not using Tcl's mem functions ... not critical */
    }

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    /* should we consider allocating mutexes? */
    num_locks = CRYPTO_num_locks();
    if (num_locks > CRYPTO_NUM_LOCKS) {
       Tcl_AppendResult(interp, "crypto num locks size error", NULL);
       return TCL_ERROR;
    }

    CRYPTO_set_locking_callback(CryptoThreadLockCallback);
    CRYPTO_set_id_callback(CryptoThreadIdCallback);
#endif

    if (SSL_library_init() != 1) {
	Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();