Check-in [4b5fd24dad]
Bounty program for improvements to Tcl and certain Tcl packages.
Overview
Comment: * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 4b5fd24dada9f493c6a94a7fb4f9fbf9d84e31e3
User & Date: hobbs on 2000-08-18 19:22:25
Other Links: manifest | tags
Context
2000-08-23
00:11
* tests/tlsIO.test: require at least tls1.4 in test suite. check-in: 204da759a0 user: hobbs tags: trunk
2000-08-18
19:22
* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random number generator. Without this, OpenSSL 0.9.5 chokes, and in any case it is a big security hole to do without it. check-in: 4b5fd24dad user: hobbs tags: trunk
19:17
* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by default when compiling with OpenSSL. check-in: a0a17d252a user: hobbs tags: trunk
Changes

Modified ChangeLog from [47ac658e02] to [1a708169ed].















1
2
3
4
5
6
7













2000-08-16  Jeff Hobbs  <[email protected]>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2000-08-18  Jeff Hobbs  <[email protected]>

	* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random
	number generator.  Without this, OpenSSL 0.9.5 chokes, and in any
	case it is a big security hole to do without it.

	* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by
	default when compiling with OpenSSL.

	* tlsInt.h: added err.h include

	* tlsBIO.c:
	* tlsIO.c: corrected pedantic cast errors.

2000-08-16  Jeff Hobbs  <[email protected]>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).

Modified tls.c from [e741b6dd44] to [860e712dac].

1
2
3
4
5
6
7
8
9
10
11
12
..
18
19
20
21
22
23
24

25
26
27
28
29
30
31
...
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
....
1135
1136
1137
1138
1139
1140
1141
1142

1143
1144
1145
1146
1147
1148
1149
....
1175
1176
1177
1178
1179
1180
1181









1182
1183
1184
1185
1186
1187
1188
/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.11 2000/08/16 17:44:05 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"


/*
 * External functions
 */

/*
 * Forward declarations
................................................................................
 */
static void
InfoCallback(SSL *ssl, int where, int ret)
{
    State *statePtr = (State*)SSL_get_app_data(ssl);
    Tcl_Obj *cmdPtr;
    char *major; char *minor;
    int w;

    if (statePtr->callback == (Tcl_Obj*)NULL)
	return;

    cmdPtr = Tcl_DuplicateObj(statePtr->callback);

#if 0
................................................................................
 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
                                         * to be made available. */
{
    int major, minor, patchlevel, release;


    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
................................................................................
    if (SSL_library_init() != 1) {
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();










    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,



|







 







>







 







<







 







|
>







 







>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
..
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
...
132
133
134
135
136
137
138

139
140
141
142
143
144
145
....
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
....
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <stdlib.h>

/*
 * External functions
 */

/*
 * Forward declarations
................................................................................
 */
static void
InfoCallback(SSL *ssl, int where, int ret)
{
    State *statePtr = (State*)SSL_get_app_data(ssl);
    Tcl_Obj *cmdPtr;
    char *major; char *minor;


    if (statePtr->callback == (Tcl_Obj*)NULL)
	return;

    cmdPtr = Tcl_DuplicateObj(statePtr->callback);

#if 0
................................................................................
 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
                                         * to be made available. */
{
    int major, minor, patchlevel, release, i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
     */
................................................................................
    if (SSL_library_init() != 1) {
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library
     */
    srand((unsigned int) time((time_t *) NULL));
    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd,