Overview
Comment: | * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
4b5fd24dada9f493c6a94a7fb4f9fbf9 |
User & Date: | hobbs on 2000-08-18 19:22:25 |
Other Links: | manifest | tags |
Context
2000-08-23
| ||
00:11 | * tests/tlsIO.test: require at least tls1.4 in test suite. check-in: 204da759a0 user: hobbs tags: trunk | |
2000-08-18
| ||
19:22 | * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. check-in: 4b5fd24dad user: hobbs tags: trunk | |
19:17 | * configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. check-in: a0a17d252a user: hobbs tags: trunk | |
Changes
Modified ChangeLog
from [47ac658e02]
to [1a708169ed].
1 2 3 4 5 6 7 | 2000-08-16 Jeff Hobbs <hobbs@scriptics.com> * tests/ciphers.test: improved ability to change constraint setting for whether user compiled against RSA or OpenSSL libs. * tls.c (Tls_Init): corrected interpretation of version number (patchlevel and release/serial were swapped). | > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | 2000-08-18 Jeff Hobbs <hobbs@scriptics.com> * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. * configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. * tlsInt.h: added err.h include * tlsBIO.c: * tlsIO.c: corrected pedantic cast errors. 2000-08-16 Jeff Hobbs <hobbs@scriptics.com> * tests/ciphers.test: improved ability to change constraint setting for whether user compiled against RSA or OpenSSL libs. * tls.c (Tls_Init): corrected interpretation of version number (patchlevel and release/serial were swapped). |
︙ | ︙ |
Modified tls.c
from [e741b6dd44]
to [860e712dac].
1 2 3 4 | /* * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com> * Copyright (C) 2000 Ajuba Solutions * | | > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | /* * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com> * Copyright (C) 2000 Ajuba Solutions * * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $ * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built (almost) from scratch based upon observation of * OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * * Also work done by the follow people provided the impetus to do this "right": * tclSSL (Colin McCormack, Shared Technology) * SSLtcl (Peter Antman) * */ #include "tlsInt.h" #include "tclOpts.h" #include <stdlib.h> /* * External functions */ /* * Forward declarations |
︙ | ︙ | |||
131 132 133 134 135 136 137 | */ static void InfoCallback(SSL *ssl, int where, int ret) { State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Obj *cmdPtr; char *major; char *minor; | < | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 | */ static void InfoCallback(SSL *ssl, int where, int ret) { State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Obj *cmdPtr; char *major; char *minor; if (statePtr->callback == (Tcl_Obj*)NULL) return; cmdPtr = Tcl_DuplicateObj(statePtr->callback); #if 0 |
︙ | ︙ | |||
1135 1136 1137 1138 1139 1140 1141 | *------------------------------------------------------------------- */ int Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is * to be made available. */ { | | > | 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 | *------------------------------------------------------------------- */ int Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is * to be made available. */ { int major, minor, patchlevel, release, i; char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ /* * The original 8.2.0 stacked channel implementation (and the patch * that preceded it) had problems with scalability and robustness. * These were address in 8.3.2 / 8.4a2, so we now require that as a * minimum for TLS 1.4+. We only support 8.2+ now (8.3.2+ preferred). */ |
︙ | ︙ | |||
1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 | if (SSL_library_init() != 1) { Tcl_AppendResult(interp, "could not initialize SSL library", NULL); return TCL_ERROR; } SSL_load_error_strings(); ERR_load_crypto_strings(); Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd, | > > > > > > > > > | 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 | if (SSL_library_init() != 1) { Tcl_AppendResult(interp, "could not initialize SSL library", NULL); return TCL_ERROR; } SSL_load_error_strings(); ERR_load_crypto_strings(); /* * Seed the random number generator in the SSL library */ srand((unsigned int) time((time_t *) NULL)); for (i = 0; i < 16; i++) { rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd, |
︙ | ︙ |