mirror of
				https://github.com/yuzu-emu/mbedtls.git
				synced 2025-10-26 16:07:04 +00:00 
			
		
		
		
	SSL now gracefully handles missing RNG
This commit is contained in:
		
							parent
							
								
									c941adba31
								
							
						
					
					
						commit
						a1caf6e1e8
					
				|  | @ -6,6 +6,7 @@ Changes | |||
| 
 | ||||
| Bugfix | ||||
|    * Fixed X.509 hostname comparison (with non-regular characters) | ||||
|    * SSL now gracefully handles missing RNG | ||||
| 
 | ||||
| = Version 1.2.10 released 2013-10-07 | ||||
| Changes | ||||
|  |  | |||
|  | @ -64,7 +64,7 @@ | |||
| #define POLARSSL_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */ | ||||
| #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */ | ||||
| #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */ | ||||
| #define POLARSSL_ERR_SSL_NO_SESSION_FOUND                  -0x7400  /**< No session to recover was found. */ | ||||
| #define POLARSSL_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */ | ||||
| #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */ | ||||
| #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message.*/ | ||||
| #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */ | ||||
|  |  | |||
|  | @ -282,8 +282,8 @@ void error_strerror( int ret, char *buf, size_t buflen ) | |||
|             snprintf( buf, buflen, "SSL - An unknown cipher was received" ); | ||||
|         if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) ) | ||||
|             snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" ); | ||||
|         if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) ) | ||||
|             snprintf( buf, buflen, "SSL - No session to recover was found" ); | ||||
|         if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) ) | ||||
|             snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" ); | ||||
|         if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) ) | ||||
|             snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" ); | ||||
|         if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) ) | ||||
|  |  | |||
|  | @ -50,6 +50,12 @@ static int ssl_write_client_hello( ssl_context *ssl ) | |||
| 
 | ||||
|     SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); | ||||
| 
 | ||||
|     if( ssl->f_rng == NULL ) | ||||
|     { | ||||
|         SSL_DEBUG_MSG( 1, ( "no RNG provided") ); | ||||
|         return( POLARSSL_ERR_SSL_NO_RNG ); | ||||
|     } | ||||
| 
 | ||||
|     if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) | ||||
|     { | ||||
|         ssl->major_ver = ssl->min_major_ver; | ||||
|  |  | |||
|  | @ -779,6 +779,12 @@ static int ssl_write_server_hello( ssl_context *ssl ) | |||
| 
 | ||||
|     SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); | ||||
| 
 | ||||
|     if( ssl->f_rng == NULL ) | ||||
|     { | ||||
|         SSL_DEBUG_MSG( 1, ( "no RNG provided") ); | ||||
|         return( POLARSSL_ERR_SSL_NO_RNG ); | ||||
|     } | ||||
| 
 | ||||
|     /*
 | ||||
|      *     0  .   0   handshake type | ||||
|      *     1  .   3   handshake length | ||||
|  |  | |||
		Loading…
	
		Reference in a new issue