aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls/tls_peer.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libtls/tls_peer.c')
-rw-r--r--src/libtls/tls_peer.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 068dd3ae7..65072d087 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -709,13 +709,15 @@ static status_t send_client_hello(private_tls_peer_t *this,
htoun32(&this->client_random, time(NULL));
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng ||
+ !rng->get_bytes(rng, sizeof(this->client_random) - 4,
+ this->client_random + 4))
{
- DBG1(DBG_TLS, "no suitable RNG found to generate client random");
+ DBG1(DBG_TLS, "failed to generate client random");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(this->client_random) - 4, this->client_random + 4);
rng->destroy(rng);
/* TLS version */
@@ -903,13 +905,13 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this,
chunk_t encrypted;
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2))
{
- DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret");
+ DBG1(DBG_TLS, "failed to generate TLS premaster secret");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ DESTROY_IF(rng);
return NEED_MORE;
}
- rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
rng->destroy(rng);
htoun16(premaster, TLS_1_2);
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 17:46:01 +0000