Check-in [4b5fd24dad]
Overview
Comment: * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 4b5fd24dada9f493c6a94a7fb4f9fbf9d84e31e3
User & Date: hobbs on 2000-08-18 19:22:25
Other Links: manifest | tags
Context
2000-08-23
00:11
* tests/tlsIO.test: require at least tls1.4 in test suite. check-in: 204da759a0 user: hobbs tags: trunk
2000-08-18
19:22
* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. check-in: 4b5fd24dad user: hobbs tags: trunk
19:17
* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. check-in: a0a17d252a user: hobbs tags: trunk
Changes
Modified ChangeLog from [47ac658e02] to [1a708169ed].














1
2
3
4
5
6
7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
+
+
+
+
+
+
+
+
+
+
+
+
+
+







2000-08-18  Jeff Hobbs  <hobbs@scriptics.com>

	* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random
	number generator.  Without this, OpenSSL 0.9.5 chokes, and in any
	case it is a big security hole to do without it.

	* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by
	default when compiling with OpenSSL.

	* tlsInt.h: added err.h include

	* tlsBIO.c:
	* tlsIO.c: corrected pedantic cast errors.

2000-08-16  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).
Modified tls.c from [e741b6dd44] to [860e712dac].
1
2
3
4
5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
1
2
3
4

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32




-
+



















+







/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.11 2000/08/16 17:44:05 hobbs Exp $
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
 * to enhance it to support full fileevent semantics.
 *
 * Also work done by the follow people provided the impetus to do this "right":
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <stdlib.h>

/*
 * External functions
 */

/*
 * Forward declarations
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
132
133
134
135
136
137
138

139
140
141
142
143
144
145







-







 */
static void
InfoCallback(SSL *ssl, int where, int ret)
{
    State *statePtr = (State*)SSL_get_app_data(ssl);
    Tcl_Obj *cmdPtr;
    char *major; char *minor;
    int w;

    if (statePtr->callback == (Tcl_Obj*)NULL)
	return;

    cmdPtr = Tcl_DuplicateObj(statePtr->callback);

#if 0
1135
1136
1137
1138
1139
1140
1141
1142


1143
1144
1145
1146
1147
1148
1149
1135
1136
1137
1138
1139
1140
1141

1142
1143
1144
1145
1146
1147
1148
1149
1150







-
+
+







 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
                                         * to be made available. */
{
    int major, minor, patchlevel, release;
    int major, minor, patchlevel, release, i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
1175
1176
1177
1178
1179
1180
1181









1182
1183
1184
1185
1186
1187
1188
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198







+
+
+
+
+
+
+
+
+







    if (SSL_library_init() != 1) {
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library
     */
    srand((unsigned int) time((time_t *) NULL));
    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,