Check-in [dfc33d3b84]
Overview
Comment: * tls.c (Tls_Init): add do/while for random number initialization to work around some OSes quirks. ([email protected])
SHA1: dfc33d3b843a1deedb974dcc8131c2d15126df6f
User & Date: hobbs on 2001-03-14 22:04:35
Context
2001-06-21
20:45
tests/tclIO.test: updated to use new names for certs/keys. check-in: c44ceb8da1 user: hobbs tags: trunk
2001-03-14
22:04
* tls.c (Tls_Init): add do/while for random number initialization to work around some OSes quirks. ([email protected]) check-in: dfc33d3b84 user: hobbs tags: trunk
2000-09-07
21:16
* tlsIO.c (Tls_ChannelType): set typeName field of channel type to "tls" (this got lost in move to dynamic version compatibility checking). check-in: 44b2bc9c7a user: hobbs tags: trunk
Changes

Modified ChangeLog from [782bd8abaa] to [9d7c1d4605].









2000-09-07  Jeff Hobbs  <[email protected]>

	* tlsIO.c (Tls_ChannelType): set typeName field of channel type to
	"tls" (this got lost in move to dynamic version compatability
	checking).

2000-08-23  Jeff Hobbs  <[email protected]>







2001-03-14  Jeff Hobbs  <[email protected]>

	* tls.c (Tls_Init): add do/while for random number initialization
	to work around some OSes quirks.  ([email protected])

2000-09-07  Jeff Hobbs  <[email protected]>

	* tlsIO.c (Tls_ChannelType): set typeName field of channel type to
	"tls" (this got lost in move to dynamic version compatability
	checking).

2000-08-23  Jeff Hobbs  <[email protected]>
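
Review bot: The new ChangeLog entry says only "some OSes quirks", which does not tell a later reader what was worked around. Name the platform and the condition the loop waits on, as the tls.c comment does (Solaris 7 without /dev/random or /dev/urandom, loop until RAND_status() returns 1), so the reason for the change can be found from the ChangeLog alone.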

Modified tls.c from [860e712dac] to [7a7ec2f3d3].

/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *



/*
 * Copyright (C) 1997-1999 Matt Newman <[email protected]>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.13 2001/03/14 22:04:35 hobbs Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *







        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library







     */
    srand((unsigned int) time((time_t *) NULL));

    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));


    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);














        Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }
    SSL_load_error_strings();
    ERR_load_crypto_strings();

    /*
     * Seed the random number generator in the SSL library,
     * using the do/while construct because of the bug note in the
     * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
     *
     * The crux of the problem is that Solaris 7 does not have a 
     * /dev/random or /dev/urandom device so it cannot gather enough
     * entropy from the RAND_seed() when TLS initializes and refuses
     * to go further. Earlier versions of OpenSSL carried on regardless.
     */
    srand((unsigned int) time((time_t *) NULL));
    do {
    for (i = 0; i < 16; i++) {
	rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
    }
    RAND_seed(rnd_seed, sizeof(rnd_seed));
    } while (RAND_status() != 1);

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
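
Review bot: The do/while around RAND_seed() adds no real entropy: every byte of rnd_seed still comes from rand() seeded by srand(time(NULL)), so repeating the fill until RAND_status() == 1 only makes OpenSSL report a seeded PRNG whose state is derived from a guessable start time. On the hosts the comment describes (no /dev/random or /dev/urandom), prefer returning TCL_ERROR with a clear message when RAND_status() != 1, or seed from an entropy daemon or seed file first (RAND_egd(), RAND_load_file()) and treat the rand() fill as a last resort that is documented as weak. The loop also has no iteration bound, so Tls_Init will spin if RAND_status() never returns 1, and the for body was not re-indented inside the new do block.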