diff options
author | Martin Willi <martin@revosec.ch> | 2012-07-06 13:55:42 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:37 +0200 |
commit | bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a (patch) | |
tree | 9e47dee8dc0c2e810b20c1f22d327b9c4e870c44 /src/libtls/tls_server.c | |
parent | 6a3e4ed9165364fcae4077a2c2d0fe79de0c3174 (diff) | |
download | strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.bz2 strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.xz |
Check rng return value when generating TLS session identifiers
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index c8fa27611..a66448d24 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -313,11 +313,11 @@ static status_t process_client_hello(private_tls_server_t *this, return NEED_MORE; } rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); - if (rng) + if (!rng || !rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session)) { - rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session); - rng->destroy(rng); + DBG1(DBG_TLS, "generating TLS session identifier failed, skipped"); } + DESTROY_IF(rng); DBG1(DBG_TLS, "negotiated %N using suite %N", tls_version_names, this->tls->get_version(this->tls), tls_cipher_suite_names, this->suite); |