Overview
| Comment: | * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
4b5fd24dada9f493c6a94a7fb4f9fbf9 |
| User & Date: | hobbs on 2000-08-18 19:22:25 |
| Other Links: | manifest | tags |
Context
|
2000-08-23
| ||
| 00:11 | * tests/tlsIO.test: require at least tls1.4 in test suite. check-in: 204da759a0 user: hobbs tags: trunk | |
|
2000-08-18
| ||
| 19:22 | * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. check-in: 4b5fd24dad user: hobbs tags: trunk | |
| 19:17 | * configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. check-in: a0a17d252a user: hobbs tags: trunk | |
Changes
Modified ChangeLog from [47ac658e02] to [1a708169ed].
1 2 3 4 5 6 7 | 2000-08-16 Jeff Hobbs <[email protected]> * tests/ciphers.test: improved ability to change constraint setting for whether user compiled against RSA or OpenSSL libs. * tls.c (Tls_Init): corrected interpretation of version number (patchlevel and release/serial were swapped). | > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | 2000-08-18 Jeff Hobbs <[email protected]> * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. * configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. * tlsInt.h: added err.h include * tlsBIO.c: * tlsIO.c: corrected pedantic cast errors. 2000-08-16 Jeff Hobbs <[email protected]> * tests/ciphers.test: improved ability to change constraint setting for whether user compiled against RSA or OpenSSL libs. * tls.c (Tls_Init): corrected interpretation of version number (patchlevel and release/serial were swapped). |
| ︙ | ︙ |
Modified tls.c from [e741b6dd44] to [860e712dac].
1 2 3 4 | /* * Copyright (C) 1997-1999 Matt Newman <[email protected]> * Copyright (C) 2000 Ajuba Solutions * | | > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | /* * Copyright (C) 1997-1999 Matt Newman <[email protected]> * Copyright (C) 2000 Ajuba Solutions * * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $ * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built (almost) from scratch based upon observation of * OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries ([email protected]), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * * Also work done by the follow people provided the impetus to do this "right": * tclSSL (Colin McCormack, Shared Technology) * SSLtcl (Peter Antman) * */ #include "tlsInt.h" #include "tclOpts.h" #include <stdlib.h> /* * External functions */ /* * Forward declarations |
| ︙ | ︙ | |||
131 132 133 134 135 136 137 |
*/
static void
InfoCallback(SSL *ssl, int where, int ret)
{
State *statePtr = (State*)SSL_get_app_data(ssl);
Tcl_Obj *cmdPtr;
char *major; char *minor;
| < | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
*/
static void
InfoCallback(SSL *ssl, int where, int ret)
{
State *statePtr = (State*)SSL_get_app_data(ssl);
Tcl_Obj *cmdPtr;
char *major; char *minor;
if (statePtr->callback == (Tcl_Obj*)NULL)
return;
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
#if 0
|
| ︙ | ︙ | |||
1135 1136 1137 1138 1139 1140 1141 |
*-------------------------------------------------------------------
*/
int
Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is
* to be made available. */
{
| | > | 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 |
*-------------------------------------------------------------------
*/
int
Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is
* to be made available. */
{
int major, minor, patchlevel, release, i;
char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */
/*
* The original 8.2.0 stacked channel implementation (and the patch
* that preceded it) had problems with scalability and robustness.
* These were address in 8.3.2 / 8.4a2, so we now require that as a
* minimum for TLS 1.4+. We only support 8.2+ now (8.3.2+ preferred).
*/
|
| ︙ | ︙ | |||
1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 |
if (SSL_library_init() != 1) {
Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
return TCL_ERROR;
}
SSL_load_error_strings();
ERR_load_crypto_strings();
Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,
| > > > > > > > > > | 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 |
if (SSL_library_init() != 1) {
Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
return TCL_ERROR;
}
SSL_load_error_strings();
ERR_load_crypto_strings();
/*
* Seed the random number generator in the SSL library
*/
srand((unsigned int) time((time_t *) NULL));
for (i = 0; i < 16; i++) {
rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
}
RAND_seed(rnd_seed, sizeof(rnd_seed));
Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
(ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,
|
| ︙ | ︙ |