Revision - d40ec4a - Stop DTLS servers asking for unsafe legacy renegotiation – ENEA Mirror of the Software Heritage archive

Revision d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 authored by Matt Caswell on 10 November 2015, 15:17:42 UTC, committed by Matt Caswell on 10 November 2015, 19:24:20 UTC

Stop DTLS servers asking for unsafe legacy renegotiation

If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: Tim Hudson <tjh@openssl.org>

1 parent 15a7164

Files
Changes

Permalinks

Randomizer.h


// Gathers unpredictable system data to be used for generating
// random bits

#include <MacTypes.h>

class CRandomizer {
 public:
    CRandomizer(void);
    void PeriodicAction(void);

 private:

    // Private calls

    void AddTimeSinceMachineStartup(void);
    void AddAbsoluteSystemStartupTime(void);
    void AddAppRunningTime(void);
    void AddStartupVolumeInfo(void);
    void AddFiller(void);

    void AddCurrentMouse(void);
    void AddNow(double millisecondUncertainty);
    void AddBytes(void *data, long size, double entropy);

    void GetTimeBaseResolution(void);
    unsigned long SysTimer(void);

    // System Info
    bool mSupportsLargeVolumes;
    bool mIsPowerPC;
    bool mIs601;

    // Time info
    double mTimebaseTicksPerMillisec;
    unsigned long mLastPeriodicTicks;

    // Mouse info
    long mSamplePeriod;
    Point mLastMouse;
    long mMouseStill;
};

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...