author | Tobias Brunner <tobias@strongswan.org> | 2012-06-25 16:04:40 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:37 +0200 |
commit | 126eb2af591b56039ecf3d5d985c978eba62d88f (patch) | |
tree | 29b6dc8ef61aa0540bc64492149eb76cba11f558 /src/libtls/tls_server.c | |
parent | e59f983160ad2461c660a9a4cf8e0a7584f41aae (diff) | |
Check rng return value when generating secrets and IVs in libtls
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 8d6a9336d..c8fa27611 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -266,13 +266,15 @@ static status_t process_client_hello(private_tls_server_t *this,
 htoun32(&this->server_random, time(NULL));
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng ||
+ !rng->get_bytes(rng, sizeof(this->server_random) - 4,
+ this->server_random + 4))
 {
- DBG1(DBG_TLS, "no suitable RNG found to generate server random");
+ DBG1(DBG_TLS, "failed to generate server random");
 this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
 return NEED_MORE;
 }
- rng->get_bytes(rng, sizeof(this->server_random) - 4, this->server_random + 4);
 rng->destroy(rng);
 if (!this->tls->set_version(this->tls, version))
@@ -407,13 +409,13 @@ static status_t process_key_exchange_encrypted(private_tls_server_t *this,
 htoun16(premaster, this->client_version);
 /* pre-randomize premaster for failure cases */
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
 {
- DBG1(DBG_TLS, "creating RNG failed");
+ DBG1(DBG_TLS, "failed to generate premaster secret");
 this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
 return NEED_MORE;
 }
- rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
 rng->destroy(rng);
 if (this->private && |
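Review bot: The merged condition in process_client_hello logs the same message whether create_rng() returned NULL or get_bytes() failed, so an unavailable RNG (what the old message reported) and a failing RNG read can no longer be told apart in the log. The second hunk, in process_key_exchange_encrypted, loses the same distinction. Keeping the cause costs one argument, for example `DBG1(DBG_TLS, "failed to generate server random: %s", rng ? "RNG returned no data" : "no RNG available");`. The function body starts and ends outside the hunk.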
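Review bot: The fallback premaster in process_key_exchange_encrypted is still drawn from an `RNG_WEAK` source, although the comment on the preceding context line says it exists for failure cases, presumably as the stand-in when the client's encrypted premaster cannot be decrypted or validated. In that role it feeds key derivation and needs to be as unpredictable to the peer as a real premaster, so that the failure path does not become distinguishable from the success path. Requesting `lib->crypto->create_rng(lib->crypto, RNG_STRONG)` here would match that use. The code that consumes `premaster` lies outside the hunk, so confirm this against the rest of the function.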