Check rng return value when generating TLS session identifiers

author: Martin Willi <martin@revosec.ch> 2012-07-06 13:55:42 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:37 +0200
commit: bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a (patch)
tree: 9e47dee8dc0c2e810b20c1f22d327b9c4e870c44 /src/libtls/tls_server.c
parent: 6a3e4ed9165364fcae4077a2c2d0fe79de0c3174 (diff)
download: strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.bz2
strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index c8fa27611..a66448d24 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -313,11 +313,11 @@ static status_t process_client_hello(private_tls_server_t *this,
 			return NEED_MORE;
 		}
 		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-		if (rng)
+		if (!rng || !rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session))
 		{
-			rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session);
-			rng->destroy(rng);
+			DBG1(DBG_TLS, "generating TLS session identifier failed, skipped");
 		}
+		DESTROY_IF(rng);
 		DBG1(DBG_TLS, "negotiated %N using suite %N",
 			 tls_version_names, this->tls->get_version(this->tls),
 			 tls_cipher_suite_names, this->suite);
author	Martin Willi <martin@revosec.ch>	2012-07-06 13:55:42 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:37 +0200
commit	bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a (patch)
tree	9e47dee8dc0c2e810b20c1f22d327b9c4e870c44 /src/libtls/tls_server.c
parent	6a3e4ed9165364fcae4077a2c2d0fe79de0c3174 (diff)
download	strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.bz2 strongswan-bb5eb15ccc9d8d96c411abfd05e1ba92fb72b98a.tar.xz