Check rng return value when generating TLS session identifiers

author Martin Willi <martin@revosec.ch>

Fri, 6 Jul 2012 11:55:42 +0000 (13:55 +0200)

committer Martin Willi <martin@revosec.ch>

Mon, 16 Jul 2012 12:53:37 +0000 (14:53 +0200)
author Martin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 11:55:42 +0000 (13:55 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:37 +0000 (14:53 +0200)
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c

index c8fa276..a66448d 100644 (file)
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -313,11 +313,11 @@ static status_t process_client_hello(private_tls_server_t *this,
                         return NEED_MORE;
                 }
                 rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-               if (rng)
+               if (!rng || !rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session))
                 {
-                       rng->allocate_bytes(rng, SESSION_ID_SIZE, &this->session);
-                       rng->destroy(rng);
+                       DBG1(DBG_TLS, "generating TLS session identifier failed, skipped");
                 }
+               DESTROY_IF(rng);
                 DBG1(DBG_TLS, "negotiated %N using suite %N",
                          tls_version_names, this->tls->get_version(this->tls),
                          tls_cipher_suite_names, this->suite);
author	Martin Willi <martin@revosec.ch>
	Fri, 6 Jul 2012 11:55:42 +0000 (13:55 +0200)
committer	Martin Willi <martin@revosec.ch>
	Mon, 16 Jul 2012 12:53:37 +0000 (14:53 +0200)