This is a patch to compile tls1.6.7-src.tar.gz (the tls extension for Tcl) against openssl-1.1.0.
Index: tls.c =================================================================== RCS file: /home/kabe/cvsroot/tls/tls.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 tls.c --- tls.c 2 Apr 2017 06:36:10 -0000 1.1.1.1 +++ tls.c 3 Apr 2017 10:19:10 -0000 @@ -115,15 +115,23 @@ static unsigned char dh2048_g[]={ static DH *get_dh2048() { DH *dh=NULL; + BIGNUM *p=NULL, *g=NULL; if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - - if ((dh->p == NULL) || (dh->g == NULL)) - return(NULL); + p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if (!p || !g) { + goto err; + } + if (!DH_set0_pqg(dh, p, NULL, g)) { + goto err; + } return(dh); +err: + BN_free(p); + BN_free(g); + return(NULL); } #endif @@ -170,7 +178,6 @@ int channelTypeVersion; static Tcl_Mutex locks[CRYPTO_NUM_LOCKS]; static Tcl_Mutex init_mx; -static int initialized; static void CryptoThreadLockCallback (int mode, int n, const char *file, int line); static unsigned long CryptoThreadIdCallback (void); @@ -310,7 +317,7 @@ VerifyCallback(int ok, X509_STORE_CTX *c Tcl_Obj *cmdPtr, *result; char *errStr, *string; int length; - SSL *ssl = (SSL*)X509_STORE_CTX_get_app_data(ctx); + SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); int depth = X509_STORE_CTX_get_error_depth(ctx); 
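Review bot: The new `err:` path in get_dh2048 frees `p` and `g` but never frees `dh`, so every failure after `DH_new()` has succeeded (a failed `BN_bin2bn` or a failed `DH_set0_pqg`) leaks the DH object; add `DH_free(dh);` before `return(NULL);` under `err:`. Freeing `p` and `g` there is only correct because `DH_set0_pqg` does not take ownership when it returns 0, which is worth a one-line comment at the `goto err;` since a reader may expect set0 calls to consume their arguments unconditionally. The `BN_free(NULL)` calls on the first-failure path are harmless.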
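Review bot: `ssl` obtained from `X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())` is dereferenced two lines later by `SSL_get_app_data(ssl)` without a NULL check, and the replaced `X509_STORE_CTX_get_app_data` call had the same gap. libssl sets that ex_data index for every verification it drives, so a NULL should not occur in normal operation, but a guard such as `if (ssl == NULL) return ok;` keeps any other caller of this callback from turning a verification failure into a crash. VerifyCallback continues outside the hunk, so how `ok` is otherwise propagated is not visible here.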
@@ -554,14 +561,14 @@ CiphersObjCmd(clientData, interp, objc, } switch ((enum protocol)index) { case TLS_SSL2: -#if defined(NO_SSL2) +#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x10100000L Tcl_AppendResult(interp, "protocol not supported", NULL); return TCL_ERROR; #else ctx = SSL_CTX_new(SSLv2_method()); break; #endif case TLS_SSL3: -#if defined(NO_SSL3) +#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x10100000L Tcl_AppendResult(interp, "protocol not supported", NULL); return TCL_ERROR; #else @@ -754,12 +761,12 @@ ImportObjCmd(clientData, interp, objc, o #ifndef OPENSSL_NO_TLSEXT char *servername = NULL; /* hostname for Server Name Indication */ #endif -#if defined(NO_SSL2) +#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x10100000L int ssl2 = 0; #else int ssl2 = 1; #endif -#if defined(NO_SSL3) +#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x10100000L int ssl3 = 0; #else int ssl3 = 1; @@ -1069,13 +1076,13 @@ CTX_Init(statePtr, proto, key, cert, CAd } /* create SSL context */ -#if defined(NO_SSL2) +#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x10100000L if (ENABLED(proto, TLS_PROTO_SSL2)) { Tcl_AppendResult(interp, "protocol not supported", NULL); return (SSL_CTX *)0; } #endif -#if defined(NO_SSL3) +#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x10100000L if (ENABLED(proto, TLS_PROTO_SSL3)) { Tcl_AppendResult(interp, "protocol not supported", NULL); return (SSL_CTX *)0; @@ -1101,12 +1108,12 @@ CTX_Init(statePtr, proto, key, cert, CAd #endif switch (proto) { -#if !defined(NO_SSL2) +#if !defined(NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100000L) case TLS_PROTO_SSL2: method = SSLv2_method (); break; #endif -#if !defined(NO_SSL3) +#if !defined(NO_SSL3) && (OPENSSL_VERSION_NUMBER < 0x10100000L) case TLS_PROTO_SSL3: method = SSLv3_method (); break; 
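Review bot: The `|| OPENSSL_VERSION_NUMBER >= 0x10100000L` clause is pasted into every `NO_SSL2`/`NO_SSL3` test in this hunk and again in the ImportObjCmd (-754), CTX_Init (-1069, -1101) and default-case (-1128) hunks, which makes the rule easy to update inconsistently. Decide it once near the top of tls.c, e.g. `#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x10100000L` followed by `#define TLS_NO_SSL3 1` (name is a suggestion; same for SSL2), and test that macro everywhere. Including OpenSSL's own `OPENSSL_NO_SSL2`/`OPENSSL_NO_SSL3` from opensslconf.h also covers 1.0.x libraries configured without those protocols, which a plain version comparison misses. CiphersObjCmd starts and ends outside the hunk.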
@@ -1128,10 +1135,10 @@ CTX_Init(statePtr, proto, key, cert, CAd #endif default: method = SSLv23_method (); -#if !defined(NO_SSL2) +#if !defined(NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L off |= (ENABLED(proto, TLS_PROTO_SSL2) ? 0 : SSL_OP_NO_SSLv2); #endif -#if !defined(NO_SSL3) +#if !defined(NO_SSL3) && OPENSSL_VERSION_NUMBER < 0x10100000L off |= (ENABLED(proto, TLS_PROTO_SSL3) ? 0 : SSL_OP_NO_SSLv3); #endif #if !defined(NO_TLS1) @@ -1772,7 +1779,8 @@ TlsLibInit () { int i; char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) + static int initialized; +#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L size_t num_locks; #endif int status=TCL_OK; @@ -1782,13 +1790,13 @@ TlsLibInit () if (!initialized) { initialized = 1; - if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc, - (void *(*)(void *, size_t))Tcl_Realloc, - (void(*)(void *))Tcl_Free) == 0) { + if (CRYPTO_set_mem_functions((void *(*)(size_t, const char *, int))Tcl_Alloc, + (void *(*)(void *, size_t, const char *, int))Tcl_Realloc, + (void(*)(void *, const char *, int))Tcl_Free) == 0) { /* Not using Tcl's mem functions ... not critical */ } -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) +#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L /* should we consider allocating mutexes? */ num_locks = CRYPTO_num_locks(); if (num_locks > CRYPTO_NUM_LOCKS) { Index: tlsBIO.c =================================================================== RCS file: /home/kabe/cvsroot/tls/tlsBIO.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 tlsBIO.c --- tlsBIO.c 2 Apr 2017 06:36:10 -0000 1.1.1.1 +++ tlsBIO.c 3 Apr 2017 10:23:15 -0000 
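Review bot: Gating `off |= (ENABLED(proto, TLS_PROTO_SSL3) ? 0 : SSL_OP_NO_SSLv3);` on `OPENSSL_VERSION_NUMBER < 0x10100000L` removes the only thing that stops the `SSLv23_method()` context from negotiating SSLv3 on an OpenSSL 1.1.0 library built with `enable-ssl3`, so a caller that did not ask for SSLv3 could still end up with it. `SSL_OP_NO_SSLv3` and `SSL_OP_NO_SSLv2` are still defined in 1.1.0 (the latter as 0), so the two `off |=` lines can keep their original `#if !defined(NO_SSL3)` / `#if !defined(NO_SSL2)` guards without the version clause; only the explicit `SSLv2_method()`/`SSLv3_method()` selections in the -1101 hunk need it. The surrounding `switch` begins in the -1101 hunk and continues past this one.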
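Review bot: Casting `Tcl_Alloc`, `Tcl_Realloc` and `Tcl_Free` to the three-argument OpenSSL 1.1.0 allocator types makes OpenSSL call them through an incompatible function pointer, which is undefined behaviour in C and also hides that `Tcl_Alloc` takes an `unsigned int` while OpenSSL passes a `size_t`: on common LP64 ABIs a request above 4 GiB would be silently truncated and OpenSSL would receive a block far smaller than it believes it owns. Unlike the rest of the patch these casts are not version-gated, so a 1.0.x build now passes pointers of the wrong type too. Small static wrappers with the exact 1.1.0 signatures fix both: they accept the `file`/`line` arguments OpenSSL supplies, cast to `char *` where Tcl's prototypes need it, and return NULL (which OpenSSL treats as allocation failure) for sizes that do not fit `unsigned int` (`UINT_MAX` from `<limits.h>`). The 1.0.x form of the call can stay in an `#else` branch.
```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* OpenSSL 1.1.0 allocator hooks. Tcl_Alloc takes an unsigned int, so refuse
 * sizes that would be truncated instead of handing back a short block. */
static void *TlsMemAlloc(size_t num, const char *file, int line)
{
    (void)file; (void)line;
    return (num > UINT_MAX) ? NULL : Tcl_Alloc((unsigned int)num);
}
static void *TlsMemRealloc(void *ptr, size_t num, const char *file, int line)
{
    (void)file; (void)line;
    return (num > UINT_MAX) ? NULL : Tcl_Realloc((char *)ptr, (unsigned int)num);
}
static void TlsMemFree(void *ptr, const char *file, int line)
{
    (void)file; (void)line;
    Tcl_Free((char *)ptr);
}
#endif
/* … unchanged: TlsLibInit up to the initialized check … */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	if (CRYPTO_set_mem_functions(TlsMemAlloc, TlsMemRealloc, TlsMemFree) == 0) {
#else
	if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
		(void *(*)(void *, size_t))Tcl_Realloc,
		(void(*)(void *))Tcl_Free) == 0) {
#endif
	    /* Not using Tcl's mem functions ... not critical */
```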
@@ -19,18 +19,6 @@ static long BioCtrl _ANSI_ARGS_ ((BIO *h static int BioNew _ANSI_ARGS_ ((BIO *h)); static int BioFree _ANSI_ARGS_ ((BIO *h)); - -static BIO_METHOD BioMethods = { - BIO_TYPE_TCL, "tcl", - BioWrite, - BioRead, - BioPuts, - NULL, /* BioGets */ - BioCtrl, - BioNew, - BioFree, -}; - BIO * BIO_new_tcl(statePtr, flags) State *statePtr; @@ -38,10 +26,10 @@ BIO_new_tcl(statePtr, flags) { BIO *bio; - bio = BIO_new(&BioMethods); - bio->ptr = (char*)statePtr; - bio->init = 1; - bio->shutdown = flags; + bio = BIO_new(BIO_s_tcl()); + BIO_set_data(bio, (void*)statePtr); + BIO_set_init(bio, 1); + BIO_set_shutdown(bio, flags); return bio; } @@ -49,7 +37,17 @@ BIO_new_tcl(statePtr, flags) BIO_METHOD * BIO_s_tcl() { - return &BioMethods; + static BIO_METHOD *biom = NULL; + if (!biom) { + biom = BIO_meth_new(BIO_TYPE_TCL, "tcl"); + BIO_meth_set_write(biom, BioWrite); + BIO_meth_set_read(biom, BioRead); + BIO_meth_set_puts(biom, BioPuts); + BIO_meth_set_ctrl(biom, BioCtrl); + BIO_meth_set_create(biom, BioNew); + BIO_meth_set_destroy(biom, BioFree); + } + return biom; } static int @@ -58,16 +56,16 @@ BioWrite (bio, buf, bufLen) CONST char *buf; int bufLen; { - Tcl_Channel chan = Tls_GetParent((State*)(bio->ptr)); + Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio)); int ret; dprintf(stderr,"\nBioWrite(0x%x, <buf>, %d) [0x%x]", (unsigned int) bio, bufLen, (unsigned int) chan); if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { - ret = Tcl_WriteRaw(chan, buf, bufLen); + ret = Tcl_WriteRaw(chan, (char *)buf, bufLen); } else { - ret = Tcl_Write(chan, buf, bufLen); + ret = Tcl_Write(chan, (char *)buf, bufLen); } dprintf(stderr,"\n[0x%x] BioWrite(%d) -> %d [%d.%d]", @@ -93,7 +91,7 @@ BioRead (bio, buf, bufLen) char *buf; int bufLen; { - Tcl_Channel chan = Tls_GetParent((State*)bio->ptr); + Tcl_Channel chan = Tls_GetParent((State*)BIO_get_data(bio)); int ret = 0; dprintf(stderr,"\nBioRead(0x%x, <buf>, %d) [0x%x]", 
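Review bot: `BIO_new(BIO_s_tcl())` can return NULL on allocation failure, and the following `BIO_set_data(bio, (void*)statePtr)` then dereferences it; add `if (bio == NULL) return NULL;` before the three setters. The old code had the same gap with `bio->ptr`, so this is not a regression, but the rewrite is the natural place to close it. Whether BIO_new_tcl's caller copes with a NULL return is not visible in this hunk.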
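Review bot: `BIO_meth_new(BIO_TYPE_TCL, "tcl")` can return NULL, and the six `BIO_meth_set_*` calls that follow would then dereference it (and `BIO_new` would dereference the NULL method returned to BIO_new_tcl); add `if (biom == NULL) return NULL;` directly after the allocation, and consider checking the `BIO_meth_set_*` results the same way. The lazy initialisation of the function-static `biom` is also unsynchronised: if BIO_s_tcl can be entered from two threads at once (tls.c declares `init_mx`, but whether it covers this path is not visible), both may allocate a BIO_METHOD and one is leaked. Performing this setup once from TlsLibInit, under whatever lock it already holds, would avoid both the race and the repeated check.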
@@ -139,9 +137,14 @@ BioCtrl (bio, cmd, num, ptr) long num; void *ptr; { - Tcl_Channel chan = Tls_GetParent((State*)bio->ptr); + Tcl_Channel chan = NULL; long ret = 1; - int *ip; + /* In initial state setting BIO_C_SET_FD, bio->ptr may be + * uninitialized and thus Tls_GetParent fails. + */ + if (BIO_get_data(bio)) { + chan = Tls_GetParent((State*)BIO_get_data(bio)); + } dprintf(stderr,"\nBioCtrl(0x%x, 0x%x, 0x%x, 0x%x)", (unsigned int) bio, (unsigned int) cmd, (unsigned int) num, @@ -160,26 +163,22 @@ BioCtrl (bio, cmd, num, ptr) case BIO_C_SET_FD: BioFree(bio); /* Sets State* */ - bio->ptr = *((char **)ptr); - bio->shutdown = (int)num; - bio->init = 1; + BIO_set_data(bio, *((char **)ptr)); + BIO_set_shutdown(bio, (int)num); + BIO_set_init(bio, 1); break; case BIO_C_GET_FD: - if (bio->init) { - ip = (int *)ptr; - if (ip != NULL) { - *ip = bio->num; - } - ret = bio->num; + if (BIO_get_init(bio)) { + ret = BIO_get_fd(bio, ptr); } else { ret = -1; } break; case BIO_CTRL_GET_CLOSE: - ret = bio->shutdown; + ret = BIO_get_shutdown(bio); break; case BIO_CTRL_SET_CLOSE: - bio->shutdown = (int)num; + BIO_set_shutdown(bio, (int)num); break; case BIO_CTRL_EOF: dprintf(stderr, "BIO_CTRL_EOF\n"); @@ -213,10 +212,10 @@ static int BioNew (bio) BIO *bio; { - bio->init = 0; - bio->num = 0; - bio->ptr = NULL; - bio->flags = 0; + BIO_set_init(bio, 0); + /*BIO_set_fd(bio, 0, BIO_get_shutdown(bio));*/ + BIO_set_data(bio, NULL); + BIO_clear_flags(bio, ~0); return 1; } 
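Review bot: In `case BIO_C_GET_FD:` the new `ret = BIO_get_fd(bio, ptr);` re-enters this very handler: in OpenSSL 1.1.0 `BIO_get_fd` is a macro for `BIO_ctrl(b, BIO_C_GET_FD, 0, c)`, which dispatches to the method's ctrl callback, i.e. BioCtrl with the same command, so the first BIO_C_GET_FD query on an initialised BIO recurses until the stack is exhausted — the same loop the commented-out `BIO_set_fd` lines in BioNew and BioFree warn about. This BIO wraps a Tcl channel and, as far as the BioNew/BioFree hunks show, `num` was only ever set to 0, so answer the query locally instead: `if (ptr != NULL) { *(int *)ptr = 0; }` followed by `ret = 0;`. BioCtrl starts in the previous hunk and its `switch` continues past this one.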
@@ -229,14 +228,14 @@ BioFree (bio) return 0; } - if (bio->shutdown) { - if (bio->init) { - /*shutdown(bio->num, 2) */ - /*closesocket(bio->num) */ + if (BIO_get_shutdown(bio)) { + if (BIO_get_init(bio)) { + /*shutdown(BIO_get_fd(bio), 2) */ + /*closesocket(BIO_get_fd(bio)) */ } - bio->init = 0; - bio->flags = 0; - bio->num = 0; + BIO_set_init(bio, 0); + BIO_clear_flags(bio, ~0); + /*BIO_set_fd(bio, 0, BIO_get_shutdown(bio));*/ /* this will cause infinite loop */ } return 1; } Index: tlsX509.c =================================================================== RCS file: /home/kabe/cvsroot/tls/tlsX509.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -p -r1.1.1.1 -r1.2 --- tlsX509.c 2 Apr 2017 06:36:10 -0000 1.1.1.1 +++ tlsX509.c 3 Apr 2017 10:04:32 -0000 1.2 @@ -100,7 +100,7 @@ Tls_NewX509Obj( interp, cert) char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; -#ifndef NO_SSL_SHA +#if !defined(NO_SSL_SHA) && OPENSSL_VERSION_NUMBER < 0x10000000L int shai; char sha_hash[SHA_DIGEST_LENGTH*2]; const char *shachars="0123456789ABCDEF"; @@ -138,7 +138,7 @@ Tls_NewX509Obj( interp, cert) strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); -#ifndef NO_SSL_SHA +#if !defined(NO_SSL_SHA) && OPENSSL_VERSION_NUMBER < 0x10000000L for (shai=0;shai<SHA_DIGEST_LENGTH;shai++) { sha_hash[shai * 2]=shachars[(cert->sha1_hash[shai] & 0xF0) >> 4];
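Review bot: The new guard `OPENSSL_VERSION_NUMBER < 0x10000000L` in Tls_NewX509Obj compiles the SHA-1 fingerprint out for OpenSSL 1.0.0 and later, whereas every other gate in this patch uses `0x10100000L` (1.1.0), the release where `cert->sha1_hash` actually became opaque; if 1.0.x was meant to keep the fingerprint this is a typo, shared with the second hunk at -138. Either way, silently dropping the fingerprint removes the field a script would use to compare or pin a certificate; `X509_digest(cert, EVP_sha1(), md, &len)` yields the same digest on every OpenSSL version without touching struct internals, so the block can be kept rather than disabled. Tls_NewX509Obj starts and ends outside the hunk.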