Check rng return value when generating secrets and IVs in libtls

author: Tobias Brunner <tobias@strongswan.org> 2012-06-25 16:04:40 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:37 +0200
commit: 126eb2af591b56039ecf3d5d985c978eba62d88f (patch)
tree: 29b6dc8ef61aa0540bc64492149eb76cba11f558 /src/libtls/tls_protection.c
parent: e59f983160ad2461c660a9a4cf8e0a7584f41aae (diff)
download: strongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.bz2
strongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.xz
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index 7120ca83e..a92e902e5 100644
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -243,14 +243,14 @@ METHOD(tls_protection_t, build, status_t,
 				}
 				else
 				{	/* TLSv1.1 uses random IVs, prepended to record */
-					if (!this->rng)
+					iv.len = this->crypter_out->get_iv_size(this->crypter_out);
+					if (!this->rng ||
+						!this->rng->allocate_bytes(this->rng, iv.len, &iv))
 					{
-						DBG1(DBG_TLS, "no RNG supported to generate TLS IV");
+						DBG1(DBG_TLS, "failed to generate TLS IV");
 						free(data->ptr);
 						return FAILED;
 					}
-					iv.len = this->crypter_out->get_iv_size(this->crypter_out);
-					this->rng->allocate_bytes(this->rng, iv.len, &iv);
 				}
 
 				*data = chunk_cat("mmcc", *data, mac, padding,
author	Tobias Brunner <tobias@strongswan.org>	2012-06-25 16:04:40 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:37 +0200
commit	126eb2af591b56039ecf3d5d985c978eba62d88f (patch)
tree	29b6dc8ef61aa0540bc64492149eb76cba11f558 /src/libtls/tls_protection.c
parent	e59f983160ad2461c660a9a4cf8e0a7584f41aae (diff)
download	strongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.bz2 strongswan-126eb2af591b56039ecf3d5d985c978eba62d88f.tar.xz