Check-in [dfc33d3b84]
Overview
Comment: * tls.c (Tls_Init): add do/while for random number initialization to work around some OSes quirks. ([email protected])
SHA1: dfc33d3b843a1deedb974dcc8131c2d15126df6f
User & Date: hobbs on 2001-03-14 22:04:35
Context
2001-06-21
20:45
tests/tclIO.test: updated to use new names for certs/keys. check-in: c44ceb8da1 user: hobbs tags: trunk
2001-03-14
22:04
* tls.c (Tls_Init): add do/while for random number initialization to work around some OSes quirks. ([email protected]) check-in: dfc33d3b84 user: hobbs tags: trunk
2000-09-07
21:16
* tlsIO.c (Tls_ChannelType): set typeName field of channel type to "tls" (this got lost in move to dynamic version compatability checking). check-in: 44b2bc9c7a user: hobbs tags: trunk
Changes

Modified ChangeLog from [782bd8abaa] to [9d7c1d4605].






2000-09-07  Jeff Hobbs  <[email protected]>

	* tlsIO.c (Tls_ChannelType): set typeName field of channel type to
	"tls" (this got lost in move to dynamic version compatability
	checking).

2000-08-23  Jeff Hobbs  <[email protected]>







2001-03-14  Jeff Hobbs  <[email protected]>

	* tls.c (Tls_Init): add do/while for random number initialization
	to work around some OSes quirks.  ([email protected])

2000-09-07  Jeff Hobbs  <[email protected]>

	* tlsIO.c (Tls_ChannelType): set typeName field of channel type to
	"tls" (this got lost in move to dynamic version compatability
	checking).

2000-08-23  Jeff Hobbs  <[email protected]>
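
Review bot: the new 2001-03-14 entry says only "some OSes quirks", while the comment added in tls.c is specific: Solaris 7 has no /dev/random or /dev/urandom, and OpenSSL refuses to go further until it considers itself seeded. Name the platform and the RAND_status() condition in the entry so the reason for the loop can be found from the ChangeLog alone.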

Modified tls.c from [860e712dac] to [7a7ec2f3d3].

/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library







     */
    srand((unsigned int) time((time_t *) NULL));

    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));


    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);




/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.13 2001/03/14 22:04:35 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
................................................................................
        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library,
     * using the do/while construct because of the bug note in the
     * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
     *
     * The crux of the problem is that Solaris 7 does not have a 
     * /dev/random or /dev/urandom device so it cannot gather enough
     * entropy from the RAND_seed() when TLS initializes and refuses
     * to go further. Earlier versions of OpenSSL carried on regardless.
     */
    srand((unsigned int) time((time_t *) NULL));
    do {
	for (i = 0; i < 16; i++) {
	    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
	}
	RAND_seed(rnd_seed, sizeof(rnd_seed));
    } while (RAND_status() != 1);

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
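
Review bot: in the new do/while around RAND_seed(), every pass feeds OpenSSL 16 bytes taken from rand(), which is seeded once by srand((unsigned int) time((time_t *) NULL)), so the loop only repeats predictable input until RAND_status() returns 1. That satisfies OpenSSL's entropy accounting without adding real entropy: on a host with no other entropy source (the Solaris 7 case named in the comment), the PRNG state then depends on the process start time. Prefer seeding from a real source there, for example an entropy gathering daemon via RAND_egd() or a seed file via RAND_load_file(), and have Tls_Init return TCL_ERROR with a message when RAND_status() is still not 1 instead of looping. The loop is also unbounded; if it stays, cap the number of iterations.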