Check-in [4b5fd24dad]
Overview
Comment: * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 4b5fd24dada9f493c6a94a7fb4f9fbf9d84e31e3
User & Date: hobbs on 2000-08-18 19:22:25
Other Links: manifest | tags
Context
2000-08-23
00:11
* tests/tlsIO.test: require at least tls1.4 in test suite. check-in: 204da759a0 user: hobbs tags: trunk
2000-08-18
19:22
* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. check-in: 4b5fd24dad user: hobbs tags: trunk
19:17
* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. check-in: a0a17d252a user: hobbs tags: trunk
Changes
Modified ChangeLog from [47ac658e02] to [1a708169ed].














1
2
3
4
5
6
7














2000-08-16  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2000-08-18  Jeff Hobbs  <hobbs@scriptics.com>

	* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random
	number generator.  Without this, OpenSSL 0.9.5 chokes, and in any
	case it is a big security hole to do without it.

	* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by
	default when compiling with OpenSSL.

	* tlsInt.h: added err.h include

	* tlsBIO.c:
	* tlsIO.c: corrected pedantic cast errors.

2000-08-16  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).
Modified tls.c from [e741b6dd44] to [860e712dac].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.11 2000/08/16 17:44:05 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
 * to enhance it to support full fileevent semantics.
 *
 * Also work done by the follow people provided the impetus to do this "right":
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"


/*
 * External functions
 */

/*
 * Forward declarations




|



















>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
 * to enhance it to support full fileevent semantics.
 *
 * Also work done by the follow people provided the impetus to do this "right":
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <stdlib.h>

/*
 * External functions
 */

/*
 * Forward declarations
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 */
static void
InfoCallback(SSL *ssl, int where, int ret)
{
    State *statePtr = (State*)SSL_get_app_data(ssl);
    Tcl_Obj *cmdPtr;
    char *major; char *minor;
    int w;

    if (statePtr->callback == (Tcl_Obj*)NULL)
	return;

    cmdPtr = Tcl_DuplicateObj(statePtr->callback);

#if 0







<







132
133
134
135
136
137
138

139
140
141
142
143
144
145
 */
static void
InfoCallback(SSL *ssl, int where, int ret)
{
    State *statePtr = (State*)SSL_get_app_data(ssl);
    Tcl_Obj *cmdPtr;
    char *major; char *minor;


    if (statePtr->callback == (Tcl_Obj*)NULL)
	return;

    cmdPtr = Tcl_DuplicateObj(statePtr->callback);

#if 0
1135
1136
1137
1138
1139
1140
1141
1142

1143
1144
1145
1146
1147
1148
1149
 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
                                         * to be made available. */
{
    int major, minor, patchlevel, release;


    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */







|
>







1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
                                         * to be made available. */
{
    int major, minor, patchlevel, release, i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
1175
1176
1177
1178
1179
1180
1181









1182
1183
1184
1185
1186
1187
1188
    if (SSL_library_init() != 1) {
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();










    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,







>
>
>
>
>
>
>
>
>







1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
    if (SSL_library_init() != 1) {
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library
     */
    srand((unsigned int) time((time_t *) NULL));
    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,