Index: ChangeLog ================================================================== --- ChangeLog +++ ChangeLog @@ -1,5 +1,19 @@ +2000-08-18 Jeff Hobbs + + * tls.c (Tls_Init): added call to RAND_seed to seed the SSL random + number generator. Without this, OpenSSL 0.9.5 chokes, and in any + case it is a big security hole to do without it. + + * configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by + default when compiling with OpenSSL. + + * tlsInt.h: added err.h include + + * tlsBIO.c: + * tlsIO.c: corrected pedantic cast errors. + 2000-08-16 Jeff Hobbs * tests/ciphers.test: improved ability to change constraint setting for whether user compiled against RSA or OpenSSL libs. Index: tls.c ================================================================== --- tls.c +++ tls.c @@ -1,10 +1,10 @@ /* * Copyright (C) 1997-1999 Matt Newman * Copyright (C) 2000 Ajuba Solutions * - * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.11 2000/08/16 17:44:05 hobbs Exp $ + * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.12 2000/08/18 19:22:25 hobbs Exp $ * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built (almost) from scratch based upon observation of @@ -20,10 +20,11 @@ * */ #include "tlsInt.h" #include "tclOpts.h" +#include /* * External functions */ @@ -133,11 +134,10 @@ InfoCallback(SSL *ssl, int where, int ret) { State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Obj *cmdPtr; char *major; char *minor; - int w; if (statePtr->callback == (Tcl_Obj*)NULL) return; cmdPtr = Tcl_DuplicateObj(statePtr->callback); 
@@ -1137,11 +1137,12 @@ int Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is * to be made available. */ { - int major, minor, patchlevel, release; + int major, minor, patchlevel, release, i; + char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ /* * The original 8.2.0 stacked channel implementation (and the patch * that preceded it) had problems with scalability and robustness. * These were address in 8.3.2 / 8.4a2, so we now require that as a @@ -1177,10 +1178,19 @@ return TCL_ERROR; } SSL_load_error_strings(); ERR_load_crypto_strings(); + /* + * Seed the random number generator in the SSL library + */ + srand((unsigned int) time((time_t *) NULL)); + for (i = 0; i < 16; i++) { + rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); + } + RAND_seed(rnd_seed, sizeof(rnd_seed)); + Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
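Review bot: The 16 bytes handed to `RAND_seed` in the `Tls_Init` seeding hunk come from `rand()` after `srand(time(NULL))`, so they are fully determined by the second the package was loaded and carry far less than 16 bytes of entropy. `RAND_seed` credits the whole buffer as entropy, so on a platform where OpenSSL has no other source the PRNG reports itself as seeded while its output remains guessable from an estimate of the start time. I would seed from the operating system where one is available, e.g. `RAND_load_file("/dev/urandom", sizeof(rnd_seed));`, and then refuse to initialise with `if (!RAND_status()) return TCL_ERROR;`. If the time-based bytes are kept as a last resort, they should be mixed in with `RAND_add(rnd_seed, sizeof(rnd_seed), 0.0)` so they are not counted as entropy. The string initialiser of `rnd_seed` in the declaration hunk is overwritten before use and could be dropped; `Tls_Init` itself starts and ends outside both hunks.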