mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:05:35 +00:00
SSL now gracefully handles missing RNG
This commit is contained in:
parent
f2b4d86452
commit
a9a028ebd0
|
@ -3,6 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
= PolarSSL 1.3 branch
|
= PolarSSL 1.3 branch
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fixed X.509 hostname comparison (with non-regular characters)
|
* Fixed X.509 hostname comparison (with non-regular characters)
|
||||||
|
* SSL now gracefully handles missing RNG
|
||||||
|
|
||||||
= PolarSSL 1.3.2 released on 2013-11-04
|
= PolarSSL 1.3.2 released on 2013-11-04
|
||||||
Features
|
Features
|
||||||
|
|
|
@ -101,7 +101,7 @@
|
||||||
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
|
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
|
||||||
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
|
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
|
||||||
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
|
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
|
||||||
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
|
#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
|
||||||
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
|
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
|
||||||
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
|
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
|
||||||
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
|
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
|
||||||
|
|
|
@ -358,8 +358,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
|
||||||
snprintf( buf, buflen, "SSL - An unknown cipher was received" );
|
snprintf( buf, buflen, "SSL - An unknown cipher was received" );
|
||||||
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
|
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
|
||||||
snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
|
snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
|
||||||
if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) )
|
if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
|
||||||
snprintf( buf, buflen, "SSL - No session to recover was found" );
|
snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
|
||||||
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
|
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
|
||||||
snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
|
snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
|
||||||
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
|
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
|
||||||
|
|
|
@ -390,6 +390,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||||
|
|
||||||
|
if( ssl->f_rng == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||||
|
return( POLARSSL_ERR_SSL_NO_RNG );
|
||||||
|
}
|
||||||
|
|
||||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||||
{
|
{
|
||||||
ssl->major_ver = ssl->min_major_ver;
|
ssl->major_ver = ssl->min_major_ver;
|
||||||
|
|
|
@ -1594,6 +1594,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
||||||
|
|
||||||
|
if( ssl->f_rng == NULL )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||||
|
return( POLARSSL_ERR_SSL_NO_RNG );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 0 . 0 handshake type
|
* 0 . 0 handshake type
|
||||||
* 1 . 3 handshake length
|
* 1 . 3 handshake length
|
||||||
|
|
Loading…
Reference in a new issue