SSL now gracefully handles missing RNG

This commit is contained in:
Paul Bakker 2013-11-21 17:31:06 +01:00
parent c941adba31
commit a1caf6e1e8
5 changed files with 16 additions and 3 deletions

View file

@ -6,6 +6,7 @@ Changes
Bugfix Bugfix
* Fixed X.509 hostname comparison (with non-regular characters) * Fixed X.509 hostname comparison (with non-regular characters)
* SSL now gracefully handles missing RNG
= Version 1.2.10 released 2013-10-07 = Version 1.2.10 released 2013-10-07
Changes Changes

View file

@ -64,7 +64,7 @@
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ #define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */ #define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/ #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */

View file

@ -282,8 +282,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - An unknown cipher was received" ); snprintf( buf, buflen, "SSL - An unknown cipher was received" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) ) if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" ); snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) ) if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
snprintf( buf, buflen, "SSL - No session to recover was found" ); snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) ) if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" ); snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) ) if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )

View file

@ -50,6 +50,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
if( ssl->f_rng == NULL )
{
SSL_DEBUG_MSG( 1, ( "no RNG provided") );
return( POLARSSL_ERR_SSL_NO_RNG );
}
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
{ {
ssl->major_ver = ssl->min_major_ver; ssl->major_ver = ssl->min_major_ver;

View file

@ -779,6 +779,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
if( ssl->f_rng == NULL )
{
SSL_DEBUG_MSG( 1, ( "no RNG provided") );
return( POLARSSL_ERR_SSL_NO_RNG );
}
/* /*
* 0 . 0 handshake type * 0 . 0 handshake type
* 1 . 3 handshake length * 1 . 3 handshake length