aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls/tls_peer.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2012-06-25 16:04:40 +0200
committerMartin Willi <martin@revosec.ch>2012-07-16 14:53:37 +0200
commit126eb2af591b56039ecf3d5d985c978eba62d88f (patch)
tree29b6dc8ef61aa0540bc64492149eb76cba11f558 /src/libtls/tls_peer.c
parente59f983160ad2461c660a9a4cf8e0a7584f41aae (diff)
downloadstrongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.bz2
strongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.xz
Check rng return value when generating secrets and IVs in libtls
Diffstat (limited to 'src/libtls/tls_peer.c')
-rw-r--r--src/libtls/tls_peer.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 068dd3ae7..65072d087 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -709,13 +709,15 @@ static status_t send_client_hello(private_tls_peer_t *this,
htoun32(&this->client_random, time(NULL));
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng ||
+ !rng->get_bytes(rng, sizeof(this->client_random) - 4,
+ this->client_random + 4))
{
- DBG1(DBG_TLS, "no suitable RNG found to generate client random");
+ DBG1(DBG_TLS, "failed to generate client random");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(this->client_random) - 4, this->client_random + 4);
rng->destroy(rng);
/* TLS version */
@@ -903,13 +905,13 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this,
chunk_t encrypted;
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
{
- DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret");
+ DBG1(DBG_TLS, "failed to generate TLS premaster secret");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
rng->destroy(rng);
htoun16(premaster, TLS_1_2);