SSL now gracefully handles missing RNG

2025-01-09 15:45:37 +00:00 · 2013-11-21 17:31:06 +01:00 · 2013-11-21 17:31:06 +01:00 · a1caf6e1e8
parent c941adba31
commit a1caf6e1e8
5 changed files with 16 additions and 3 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ Changes

 Bugfix
   * Fixed X.509 hostname comparison (with non-regular characters)
+   * SSL now gracefully handles missing RNG

 = Version 1.2.10 released 2013-10-07
 Changes
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -64,7 +64,7 @@
 #define POLARSSL_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
-#define POLARSSL_ERR_SSL_NO_SESSION_FOUND                  -0x7400  /**< No session to recover was found. */
+#define POLARSSL_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message.*/
 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
--- a/library/error.c
+++ b/library/error.c
@ -282,8 +282,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
            snprintf( buf, buflen, "SSL - An unknown cipher was received" );
        if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
            snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
-        if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) )
-            snprintf( buf, buflen, "SSL - No session to recover was found" );
+        if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
+            snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
        if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
            snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
        if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -50,6 +50,12 @@ static int ssl_write_client_hello( ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );

+    if( ssl->f_rng == NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( POLARSSL_ERR_SSL_NO_RNG );
+    }
+
    if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
    {
        ssl->major_ver = ssl->min_major_ver;
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -779,6 +779,12 @@ static int ssl_write_server_hello( ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );

+    if( ssl->f_rng == NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( POLARSSL_ERR_SSL_NO_RNG );
+    }
+
    /*
     *     0  .   0   handshake type
     *     1  .   3   handshake length